Impact
An attacker can exploit this vulnerability to read local files on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request.
Patches
Issue has been patched in Build 469 (v1.0.469) and v1.1.0.
Workarounds
Apply octobercms/library@80aab47 to your installation manually if unable to upgrade to Build 469.
References
Reported by ka1n4t
For more information
If you have any questions or comments about this advisory:
Threat assessment:
Impact
An attacker can exploit this vulnerability to read local files on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request.
Patches
Issue has been patched in Build 469 (v1.0.469) and v1.1.0.
Workarounds
Apply octobercms/library@80aab47 to your installation manually if unable to upgrade to Build 469.
References
Reported by ka1n4t
For more information
If you have any questions or comments about this advisory:
Threat assessment: