What is CVE-2022-35944?

CVE-2022-35944 is a medium-severity vulnerability in Octobercms October, classified under Code Injection. CVSS score: 6.2/10. Published 2022-10-13.

How severe is CVE-2022-35944?

Medium severity. CVSS v3 base score is 6.2 out of 10.

Is CVE-2022-35944 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Octobercms October

CVE-2022-35944

October is a self-hosted Content Management System (CMS) platform based on the Laravel PHP Framework. This vulnerability only affects installations that rely on the safe mode restriction, commonly used when providing public access to the a…

Vulnerability class: RCE (Remote Code Execution)

EPSS: 0.005 (67.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.2 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:L.

Affected products

Octobercms October — versions >= 3.0.0, < 3.0.66, < 2.2.34

Weakness classification (CWE)

CWE-94 — Code Injection

Public proof-of-concept exploits

cyllective/CVEs

References

github.com/octobercms/october/security/advisories/GHSA-x4q7-m6fp-4v9v

Frequently asked questions

What is CVE-2022-35944?: CVE-2022-35944 is a medium-severity vulnerability in Octobercms October, classified under Code Injection. CVSS score: 6.2/10. Published 2022-10-13.
How severe is CVE-2022-35944?: Medium severity. CVSS v3 base score is 6.2 out of 10.
Is CVE-2022-35944 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.