CVE-2022-23655
PHP vulnerability analysis and mitigation

Overview

October CMS, a self-hosted CMS platform built on the Laravel PHP framework, was found to have a vulnerability in which a compromised update gateway could cause data breaches. The vulnerability (CVE-2022-23655) affected versions 1.0.474 and 1.1.10 and was discovered and disclosed on February 23, 2022. The issue affected authors of plugins and themes listed on the October CMS marketplace: end-users could inadvertently expose those authors to financial loss by entering their private license keys into a compromised server (GitHub Advisory).

Technical details

The vulnerability involved a fork of October CMS v1.0 that used a compromised gateway to reach the October CMS marketplace service. The attack worked as a man-in-the-middle: the compromised gateway server forwarded requests to the genuine October CMS gateway and relayed the responses back to the client, capturing information along the way. The compromised server stored license keys, client information (name, email), the contents of purchased plugins, and privately uploaded plugin files (GitHub Advisory).

Impact

The vulnerability allowed attackers to capture personal and business information of users and authors, including private source code files. Captured plugin files were also being freely redistributed to other users without authorization. This posed significant risks to intellectual property and could lead to financial losses for plugin and theme authors (GitHub Advisory).

Mitigation and workarounds

The vulnerability was patched in versions 1.0.475 and 1.1.11. Users unable to upgrade could apply a manual patch (commit e3b455a). Users were advised not to share their license keys with anyone except October CMS, to verify that their gateway update server had not been modified, and to be aware of phishing websites. Plugin authors were advised to verify legitimate plugin ownership before providing support (GitHub Advisory).
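One way to act on the advice to verify that the gateway update server has not been modified, as an added example that is not part of the advisory or of the October CMS code base: a POSIX shell check that reads the update server an install is actually configured to use and compares it with the genuine gateway. The config key updateServer in config/cms.php, the UPDATE_SERVER override in .env and the host gateway.octobercms.com are assumptions about the install layout for this example, not values taken from the advisory.

```shell
#!/bin/sh
# Verify that an October CMS install still points at the genuine marketplace
# gateway rather than a relaying fork. Assumes (not from the advisory) that the
# gateway is set as 'updateServer' in config/cms.php and may be overridden by
# UPDATE_SERVER in .env; the genuine host below is likewise an assumption.
GENUINE_GATEWAY_HOST="gateway.octobercms.com"

# Print the update server URL that is in effect for the install rooted at $1.
effective_update_server() {
  root="$1"
  # An UPDATE_SERVER line in .env takes precedence over config/cms.php.
  if [ -f "$root/.env" ]; then
    env_val=$(sed -n 's/^UPDATE_SERVER=//p' "$root/.env" | tail -n 1 | tr -d "\"'")
    [ -n "$env_val" ] && { printf '%s\n' "$env_val"; return 0; }
  fi
  # Take the first http(s) URL on the line that sets 'updateServer'.
  sed -n "/'updateServer'/s/.*\(https\{0,1\}:\/\/[^'\"]*\).*/\1/p" \
    "$root/config/cms.php" | head -n 1
}

# Return 0 when the effective update server uses https and the genuine host,
# 1 otherwise (with the reason on stderr).
check_update_server() {
  url=$(effective_update_server "$1")
  if [ -z "$url" ]; then
    echo "no updateServer found under $1" >&2
    return 1
  fi
  case "$url" in
    https://*) ;;
    *) echo "update server is not https: $url" >&2; return 1 ;;
  esac
  host=$(printf '%s' "$url" | sed 's|^https://||; s|[/:].*$||')
  if [ "$host" != "$GENUINE_GATEWAY_HOST" ]; then
    echo "update server host '$host' is not the genuine gateway: $url" >&2
    return 1
  fi
  echo "update server OK: $url"
}
```

Run it as check_update_server /path/to/october against each install; a non-zero exit means the marketplace traffic is being sent somewhere other than the official gateway and the install should be treated as compromised until the config is explained.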

Community reactions

The vulnerability was researched and reported by security researchers Vladimir Pyankov and Nikita Khaetsky (GitHub Advisory).


Related PHP vulnerabilities:

CVE ID         | Severity | Score | Technologies | Component name     | CISA KEV exploit | Has fix | Published date
CVE-2026-21857 | HIGH     | 8.3   | PHP          | redaxo/source      | No               | Yes     | Jan 07, 2026
CVE-2025-61676 | MEDIUM   | 6.1   | PHP          | october/system     | No               | Yes     | Jan 10, 2026
CVE-2025-61674 | MEDIUM   | 6.1   | PHP          | october/system     | No               | Yes     | Jan 10, 2026
CVE-2026-21896 | MEDIUM   | 5.8   | PHP          | getkirby/cms       | No               | Yes     | Jan 08, 2026
CVE-2026-22242 | MEDIUM   | 4.9   | PHP          | coreshop/core-shop | No               | Yes     | Jan 08, 2026
