CVE-2024-51991

October is a Content Management System (CMS) and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the `media.clean_vectors` configuration enabled. This configuration will sanitize SVG files uploaded using the media manager. This vulnerability allows an authenticated user to bypass this protection by uploading it with a permitted extension (for example, .jpg or .png) and later modifying it to the .svg extension. This vulnerability assumes a trusted user will attack another trusted user and cannot be actively exploited without access to the administration panel and interaction from the other user. This issue has been patched in v3.7.5.

CVSS v3 4.9 MEDIUM

4.9^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/octobercms/october/security/advisories/GHSA-96hh-8hx5-cpw7	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*

History

03 Sep 2025, 18:54

Type	Values Removed	Values Added
First Time		Octobercms october Octobercms
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.9
References	~~() https://github.com/octobercms/october/security/advisories/GHSA-96hh-8hx5-cpw7 -~~	() https://github.com/octobercms/october/security/advisories/GHSA-96hh-8hx5-cpw7 - Patch, Vendor Advisory
CPE		cpe:2.3:a:octobercms:october::::::::

05 May 2025, 20:54

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-05 17:18

Updated : 2025-09-03 18:54

NVD link : CVE-2024-51991

Mitre link : CVE-2024-51991

CVE.ORG link : CVE-2024-51991

JSON object : View

Products Affected

octobercms

october

CWE

CWE-434

Unrestricted Upload of File with Dangerous Type

{"id": "CVE-2024-51991", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.9, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 1.1, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "LOW", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "UNREPORTED", "providerUrgency": "NOT_DEFINED", "userInteraction": "PASSIVE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "HIGH", "subIntegrityImpact": "LOW", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2025-05-05T17:18:44.853", "references": [{"url": "https://github.com/octobercms/october/security/advisories/GHSA-96hh-8hx5-cpw7", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-434"}]}], "descriptions": [{"lang": "en", "value": "October is a Content Management System (CMS) and web platform. A vulnerability in versions prior to 3.7.5 affects authenticated administrators with sites that have the `media.clean_vectors` configuration enabled. This configuration will sanitize SVG files uploaded using the media manager. This vulnerability allows an authenticated user to bypass this protection by uploading it with a permitted extension (for example, .jpg or .png) and later modifying it to the .svg extension. This vulnerability assumes a trusted user will attack another trusted user and cannot be actively exploited without access to the administration panel and interaction from the other user. This issue has been patched in v3.7.5."}, {"lang": "es", "value": "October es un Sistema de Gesti\u00f3n de Contenido (CMS) y una plataforma web. Una vulnerabilidad en versiones anteriores a la 3.7.5 afecta a los administradores autenticados de sitios que tienen habilitada la configuraci\u00f3n `media.clean_vectors`. Esta configuraci\u00f3n depura los archivos SVG subidos mediante el gestor de contenido multimedia. Esta vulnerabilidad permite a un usuario autenticado eludir esta protecci\u00f3n subi\u00e9ndolos con una extensi\u00f3n permitida (por ejemplo, .jpg o .png) y posteriormente modific\u00e1ndolos a la extensi\u00f3n .svg. Esta vulnerabilidad presupone que un usuario de confianza atacar\u00e1 a otro usuario de confianza y no puede explotarse activamente sin acceso al panel de administraci\u00f3n ni interacci\u00f3n del otro usuario. Este problema se ha corregido en la v3.7.5."}], "lastModified": "2025-09-03T18:54:25.610", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8A066E20-EBDA-411F-B73A-2509B916E66F", "versionEndExcluding": "3.7.5"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}