High severity7.2NVD Advisory· Published Oct 5, 2017· Updated May 13, 2026

CVE-2017-1000119

Description

October CMS build 412 is vulnerable to PHP code execution in the file upload functionality resulting in site compromise and possibly other applications on the server.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
october/cmsPackagist	<= 1.0.412	—

Affected products

Octobercms/October
cpe:2.3:a:octobercms:october:1.0.412:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

octobercms.com/support/article/rn-8nvdVendor AdvisoryWEB
github.com/advisories/GHSA-q263-j3q9-g964ghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-1000119ghsaADVISORY
packetstormsecurity.com/files/154390/October-CMS-Upload-Protection-Bypass-Code-Execution.htmlnvdWEB

News mentions

No linked articles in our index yet.

cvss	0.468
epss	0.061
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000