Intrusion Prevention

October.CMS.Media.Arbitrary.PHP.File.Upload

Description

This indicates an attack attempt to exploit an Arbitrary File Upload vulnerability in October CMS.
The vulnerability is due to insufficient sanitizing of user supplied inputs in the application when handling a craft HTTP upload request. An authenticated remote attacker may be able exploit this to upload a malicious file to the server.

Affected Products

October CMS Build 413

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Please applied latest update or patch from the vendor
https://octobercms.com/support/article/rn-8

CVE References

CVE-2017-1000119

Other References

41936