Is CVE-2022-21705 actively exploited?

CVE-2022-21705 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2022-21705?

CVE-2022-21705 has a CVSS score of 7.2 (HIGH severity). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H.

How do I patch CVE-2022-21705?

Patch guidance is available from octobercms security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2022-21705.

Fix CVE-2022-21705 - HIGH octobercms october

Q: Which products are affected by CVE-2022-21705?

3 products: octobercms october, octobercms october, octobercms october.

Description

Octobercms is a self-hosted CMS platform based on the Laravel PHP Framework. In affected versions user input was not properly sanitized before rendering. An authenticated user with the permissions to create, modify and delete website pages can exploit this vulnerability to bypass `cms.safe_mode` / `cms.enableSafeMode` in order to execute arbitrary code. This issue only affects admin panels that rely on safe mode and restricted permissions. To exploit this vulnerability, an attacker must first have access to the backend area. The issue has been patched in Build 474 (v1.0.474) and v1.1.10. Users unable to upgrade should apply https://github.com/octobercms/library/commit/c393c5ce9ca2c5acc3ed6c9bb0dab5ffd61965fe to your installation manually.

CVSS Metrics

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector: network
Complexity: low
Privileges: high
User Action: none
Scope: unchanged
Confidentiality: high
Integrity: high
Availability: high
Weaknesses: CWE-74NVD-CWE-Other

Metadata

Primary Vendor: OCTOBERCMS
Published: 2/23/2022
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

CVE-2022-21705

Description

CVSS Metrics

Metadata

Affected Products

Remediation Guidance

Executive Summary