Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by CWE-98
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-4606 1 Flatpress 1 Flatpress 2022-12-22 N/A 9.8 CRITICAL
PHP Remote File Inclusion in GitHub repository flatpressblog/flatpress prior to 1.3.
CVE-2020-5295 1 Octobercms 1 October 2022-06-30 4.0 MEDIUM 4.9 MEDIUM
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets` permission. Issue has been patched in Build 466 (v1.0.466).