VYPR
High severityNVD Advisory· Published Nov 23, 2020· Updated Aug 4, 2024

Local File Inclusion by unauthenticated users

CVE-2020-15246

Description

October is a free, open-source, self-hosted CMS platform based on the Laravel PHP Framework. In October CMS from version 1.0.421 and before version 1.0.469, an attacker can read local files on an October CMS server via a specially crafted request. Issue has been patched in Build 469 (v1.0.469) and v1.1.0.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
october/cmsPackagist
>= 1.0.421, < 1.0.4691.0.469

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.