October CMS
cpe:2.3:a:octobercms:octobercms:*:*:*:*:*:*:*
- < 3.7.5
A vulnerability exists in October CMS versions prior to 3.7.5, affecting authenticated administrators on sites with the 'media.clean_vectors' configuration enabled. This setting is intended to sanitize SVG files uploaded through the media manager. However, an authenticated user can circumvent this protection by first uploading a file containing SVG markup under a permitted extension, such as .jpg or .png, and then renaming it to .svg. Exploiting the issue requires a trusted user to act against another trusted user: it cannot be exploited without access to the administration panel and the involvement of that other user.
Exploitation of this vulnerability could lead to the upload of malicious SVG files that bypass the intended sanitization, potentially allowing for the execution of harmful scripts or actions on the site.
Users can upgrade to October CMS version 3.7.5 or later to address this vulnerability.
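As an added illustration of the gate described above (not October CMS code, and with no claim about how its media manager is actually implemented), the following Python sketch contrasts a sanitizer that is keyed on the uploaded filename's extension with one keyed on the file's content and re-run on rename. The MediaStore class, the is_svg_content and clean_svg helpers, the key_on_content flag and the sample SVG are all constructed for this example.

```python
"""Added illustration: content-keyed SVG sanitization in a toy media manager.

Not October CMS code. MediaStore, is_svg_content, clean_svg and the
key_on_content flag are constructed for this example, as is SAMPLE_SVG.
"""
import re
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
# Elements that can carry script or embedded HTML when an SVG is rendered inline.
DANGEROUS_TAGS = {"script", "foreignObject"}
JS_URL = re.compile(r"^\s*javascript:", re.IGNORECASE)


def _local(tag: str) -> str:
    """Strip the {namespace} prefix ElementTree puts on tag and attribute names."""
    return tag.rsplit("}", 1)[-1]


def is_svg_content(data: bytes) -> bool:
    """Sniff the bytes: anything that parses as XML with an <svg> root is an SVG,
    whatever extension the filename carries."""
    try:
        root = ET.fromstring(data)
    except ET.ParseError:
        return False
    return _local(root.tag) == "svg"


def clean_svg(data: bytes) -> bytes:
    """Minimal denylist cleaner: drop script-bearing elements, on* event handlers
    and javascript: hrefs. A production cleaner should allowlist elements and
    attributes instead; this is only enough to show the gate working."""
    root = ET.fromstring(data)
    for parent in list(root.iter()):
        for child in list(parent):
            if _local(child.tag) in DANGEROUS_TAGS:
                parent.remove(child)
    for el in root.iter():
        for attr in list(el.attrib):
            name = _local(attr)
            if name.lower().startswith("on") or (name == "href" and JS_URL.match(el.attrib[attr])):
                del el.attrib[attr]
    ET.register_namespace("", SVG_NS)  # serialize with a default namespace, no ns0: prefixes
    return ET.tostring(root)


class MediaStore:
    """Toy media manager; `files` maps stored name -> bytes.

    key_on_content=False mirrors the pre-3.7.5 shape described above: cleaning is
    keyed on the uploaded filename's extension, and rename only moves the bytes.
    key_on_content=True is the hardened shape: cleaning is keyed on what the bytes
    are, and rename runs the same gate again.
    """

    def __init__(self, clean_vectors: bool = True, key_on_content: bool = True):
        self.clean_vectors = clean_vectors
        self.key_on_content = key_on_content
        self.files: dict[str, bytes] = {}

    def _gate(self, name: str, data: bytes) -> bytes:
        if not self.clean_vectors:
            return data
        if self.key_on_content:
            return clean_svg(data) if is_svg_content(data) else data
        return clean_svg(data) if name.lower().endswith(".svg") else data

    def upload(self, name: str, data: bytes) -> None:
        self.files[name] = self._gate(name, data)

    def rename(self, old: str, new: str) -> None:
        data = self.files.pop(old)
        self.files[new] = self._gate(new, data) if self.key_on_content else data


# Constructed sample: an SVG carrying the three things the cleaner is meant to remove.
SAMPLE_SVG = (
    b'<svg xmlns="http://www.w3.org/2000/svg" '
    b'xmlns:xlink="http://www.w3.org/1999/xlink" onload="/* handler */">'
    b"<script>/* runs if served unsanitized */</script>"
    b'<a xlink:href="javascript:/* handler */"><circle r="10"/></a></svg>'
)


def run_scenario(key_on_content: bool) -> bytes:
    """Upload the sample under a permitted extension, rename it to .svg, and return
    what the store would then serve."""
    store = MediaStore(clean_vectors=True, key_on_content=key_on_content)
    store.upload("logo.png", SAMPLE_SVG)
    store.rename("logo.png", "logo.svg")
    return store.files["logo.svg"]


if __name__ == "__main__":
    print("extension-keyed gate :", run_scenario(key_on_content=False))
    print("content-keyed gate   :", run_scenario(key_on_content=True))
```

In this model either change alone closes the upload-then-rename path: sniffing content at upload means the .png name never mattered, and re-running the gate on rename means the .svg name is checked when it is assigned. Doing both also covers files that, in this toy store, were uploaded while clean_vectors was off and renamed later.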