PT-2021-4044 · Unknown · Laravel PHP Framework+1
Alexander Sidukov +4 · Published 2021-08-26 · Updated 2025-10-24 · CVE-2021-32648
CVSS v2.0: 9.4 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:N
Name of the Vulnerable Software and Affected Versions
October CMS versions prior to Build 472 and v1.1.5
Description
The issue is related to an improper authentication mechanism in the October CMS platform, which is based on the Laravel PHP Framework. An attacker can exploit this by requesting an account password reset and then gaining access to the account using a specially crafted request.
Recommendations
For versions prior to Build 472 and v1.1.5, update to Build 472 or v1.1.5 to resolve the issue. As a temporary workaround, consider restricting access to the account password reset feature until the update is applied.
Exploit
Fix
Improper Authentication
Related Identifiers
Affected Products
Laravel PHP Framework
October CMS