Communication Channel Errors
CVE-2017-1000197
Summary
October CMS up to build 412 is vulnerable to file path modification in asset move functionality resulting in creating malicious files on the server.
- LOW
- NETWORK
- HIGH
- UNCHANGED
- NONE
- NONE
- HIGH
- HIGH
CWE-417 - Communication Channel Errors
Weaknesses in this category are related to improper handling of communication channels and access paths. These weaknesses include problems in creating, managing, or removing alternate channels and alternate paths. Some of these can overlap virtual file problems and are commonly used in "bypass" attacks, such as those that exploit authentication errors.
References
Advisory Timeline
- Published