October CMS Twig Sandbox Bypass Vulnerability Allowing Arbitrary PHP Execution

A vulnerability exists in October CMS versions 1.0.319 prior to 1.0.469, allowing authenticated backend users with certain permissions to bypass the Twig sandbox and execute arbitrary PHP code. This issue arises when 'cms.enableSafeMode' is enabled, as it should prevent such actions. The vulnerability can be exploited by users with 'cms.manage_pages', 'cms.manage_layouts', or 'cms.manage_partials' permissions who are not trusted to write and execute PHP code. The problem has been addressed in version 1.0.469 and 1.1.0.

Impact

Exploitation of this vulnerability allows for arbitrary PHP code execution on the server.

Remediation

Users can upgrade to October CMS version 1.0.469 or 1.1.0 to address this vulnerability. Alternatively, if an upgrade is not possible, the patch available in the October CMS GitHub repository can be applied manually.