Skip to content

Safe Mode bypass leads to authenticated Remote Code Execution

Moderate
daftspunk published GHSA-x4q7-m6fp-4v9v Oct 13, 2022

Package

composer october/system (Composer)

Affected versions

>2.0, >3.0

Patched versions

2.2.34, 3.0.66

Description

Impact

This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the admin panel. Assuming an attacker has access to the admin panel and permission to open the "Editor" section, they can bypass the Safe Mode (cms.safe_mode) restriction to introduce new PHP code in a CMS template using a specially crafted request.

Patches

The issue has been patched in v2.2.34 and v3.0.66

References

Credits to:

  • David Miller

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2022-35944

Weaknesses

No CWEs

Credits