CVE-2021-41126

Name of the Vulnerable Software and Affected Versions October CMS versions prior to 2.1.12

Description The issue affects administrator accounts in October CMS, which is a Content Management System (CMS) and web platform built on the Laravel PHP Framework. Administrator accounts that had previously been deleted may still be able to sign in to the backend.

Recommendations For versions prior to 2.1.12, update to version 2.1.12 or later to resolve the issue. As a temporary workaround, consider resetting the password of the deleted accounts to prevent them from signing in. If you are unable to upgrade, contact hello@octobercms.com for code change instructions.