CVE-2017-1000197Critical
CVE
CVE
National Vulnerability Database
NVD is the U.S. government repository of standards-based vulnerability management data, built on top of the MITRE CVE list. Every record includes CPE applicability statements, CVSS v2 and v3.x base scores, CWE mappings and cross-references to advisories.
Region
US
Updates
15 min
License
Public Domain
Comprehensive catalog of publicly disclosed vulnerabilities with CPE matches, CVSS scoring and reference URLs. De-facto standard for cross-vendor correlation.
https://nvd.nist.gov →Share link
Anyone with the link can open this vulnerability.
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on…
CVSS
9.8
Critical
EPSS
0.01
p64
Published
2017-01-01
Updated
2017-01-01
Description
October CMS build 412 is vulnerable to file path modification in asset move functionality resulting in creating creating malicious files on the server.
Tags · CWE
Pre-auth
CWE-417
CWE-417CategoryDraft
Communication Channel Errors
Weaknesses in this category are related to improper handling of communication channels and access paths. These weaknesses include problems in creating, managing, or removing alternate channels and alternate paths. Some of these can overlap virtual file problems and are commonly used in "bypass" attacks, such as those that exploit authentication errors.
https://cwe.mitre.org/data/definitions/417.html →Open in CWE collection →Affected products
October ≤ 1.0.412
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2017-01-01
Published
2017-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: N
Network (N)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.012 · p64
Known exploited (KEV)
No
Known exploits — Сканер-ВС
No Сканер-ВС checks registered for this vulnerability yet.
Source databases
CVE
CVE
National Vulnerability Database
NVD is the U.S. government repository of standards-based vulnerability management data, built on top of the MITRE CVE list. Every record includes CPE applicability statements, CVSS v2 and v3.x base scores, CWE mappings and cross-references to advisories.
Region
US
Updates
15 min
License
Public Domain
Comprehensive catalog of publicly disclosed vulnerabilities with CPE matches, CVSS scoring and reference URLs. De-facto standard for cross-vendor correlation.
https://nvd.nist.gov →