Main Vulnerability Database Vulnerabilities #VU60798

Embedded malicious code (backdoor) in October CMS - CVE-2022-23655

Published: February 23, 2022

Vulnerability identifier: #VU60798

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2022-23655

CWE-ID: CWE-506

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: OctoberCMS

Affected software:
October CMS

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to the application.

The vulnerability exists due to a project fork of October CMS v1.0 is using a compromised gateway to access the October CMS marketplace service. The compromised gateway captures the personal/business information of users and authors, including private source code files. It was also disclosed that captured plugin files are freely redistributed to other users without authorization.

The issue affects authors of plugins and themes listed on the October CMS marketplace where an end-user will inadvertently expose authors to potential financial loss by entering their private license key into a compromised server.

Note, the vulnerability is being exploited in the wild.

How to mitigate CVE-2022-23655

Install updates from vendor's website.

Sources

https://github.com/octobercms/october/security/advisories/GHSA-53m6-44rc-h2q5/

Embedded malicious code (backdoor) in October CMS - CVE-2022-23655

Detailed vulnerability description

How to mitigate CVE-2022-23655

Sources

Please verify you're human