Vulnerabilities > CVE-2021-32648 - Unspecified vulnerability in Octobercms October

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

octobercms

critical

NVD

Published: 2021-08-26

Updated: 2023-07-07

Summary

octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.

Vulnerable Configurations

Part	Description	Count
Application	Octobercms Octobercms October 1.1.1 Octobercms October 1.1.2 Octobercms October 1.1.3 Octobercms October 1.1.4 Octobercms October 1.0.471	5

References

https://github.com/octobercms/library/commit/5bd1a28140b825baebe6becd4f7562299d3de3b9
https://github.com/octobercms/library/commit/016a297b1bec55d2e53bc889458ed2cb5c3e9374
https://github.com/octobercms/october/security/advisories/GHSA-mxr5-mc97-63rc

Summary

Vulnerable Configurations

Related news

References