CVE-2017-1000195

October CMS build 412 is vulnerable to PHP object injection in asset move functionality resulting in ability to delete files limited by file permissions on the server. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt