What is CVE-2021-32648?

CVE-2021-32648 is a vulnerability in October CMS that allows an attacker to gain unauthorized access to an account using a specially crafted request.

How can an attacker exploit CVE-2021-32648?

An attacker can exploit CVE-2021-32648 by requesting an account password reset and then gaining access to the account using a specially crafted request.

What is the severity of CVE-2021-32648?

CVE-2021-32648 has a severity rating of 9.1 (Critical).

Which versions of October CMS are affected by CVE-2021-32648?

Versions 1.0.471 to 1.0.472 and 1.1.1 to 1.1.5 of October CMS are affected by CVE-2021-32648.

How can I fix CVE-2021-32648?

CVE-2021-32648 has been patched in Build 472 and version 1.1.5 of October CMS, so updating to these versions will fix the vulnerability.

Vulnerability/
CVE-2021-32648

Exploited

critical

9.1

CWE

287

26/8/2021

3/8/2024

CVE-2021-32648: October CMS Improper Authentication

First published: Thu Aug 26 2021(Updated: )

octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.

Credit: security-advisories@github.com security-advisories@github.com

Affected Software	Affected Version	How to fix
Octobercms October	>=1.0.471<1.0.472
Octobercms October	>=1.1.1<1.1.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-32648?
CVE-2021-32648 is a vulnerability in October CMS that allows an attacker to gain unauthorized access to an account using a specially crafted request.
How can an attacker exploit CVE-2021-32648?
An attacker can exploit CVE-2021-32648 by requesting an account password reset and then gaining access to the account using a specially crafted request.
What is the severity of CVE-2021-32648?
CVE-2021-32648 has a severity rating of 9.1 (Critical).
Which versions of October CMS are affected by CVE-2021-32648?
Versions 1.0.471 to 1.0.472 and 1.1.1 to 1.1.5 of October CMS are affected by CVE-2021-32648.
How can I fix CVE-2021-32648?
CVE-2021-32648 has been patched in Build 472 and version 1.1.5 of October CMS, so updating to these versions will fix the vulnerability.

collector/nvd-index
agent/type
agent/softwarecombine
agent/description
agent/remedy
agent/author
agent/weakness
agent/title
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/first-publish-date
agent/event
exploited/true
collector/cisa-known-exploited
source/CISA
agent/software-canonical-lookup
agent/references
agent/tags
collector/nvd-cve
source/NVD
vendor/octobercms
canonical/octobercms october
version/octobercms october/1.0.471
version/octobercms october/1.1.1
vendor/october cms
canonical/october cms october cms

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.

CVE-2021-32648: October CMS Improper Authentication

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-32648?

How can an attacker exploit CVE-2021-32648?

What is the severity of CVE-2021-32648?

Which versions of October CMS are affected by CVE-2021-32648?

How can I fix CVE-2021-32648?

Company

Resources

Contact