Lucene search

CVE-2021-32648

🗓️ 26 Aug 2021 00:00:00Reported by AttackerKBType

octobercms password reset vulnerability in october/system package allows account takeover using crafted request. Fixed in Build 472 and v1.1.

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 18
OSV	GHSA-MXR5-MC97-63RC Account Takeover in Octobercms	30 Aug 202116:13	–	osv
OSV	CVE-2021-32648	26 Aug 202119:15	–	osv
OSV	GHSA-H76R-VGF3-J6W5 October CMS auth bypass and account takeover	30 Aug 202116:13	–	osv
Hive Pro Threat Advisories	Ukraine government entities targeted by a destructive malware “Whispergate”	17 Jan 202214:38	–	hivepro
CVE	CVE-2021-32648	26 Aug 202119:15	–	cve
Github Security Blog	Account Takeover in Octobercms	30 Aug 202116:13	–	github
Github Security Blog	October CMS auth bypass and account takeover	30 Aug 202116:13	–	github
Check Point Advisories	October CMS Authentication Bypass (CVE-2021-32648)	2 Feb 202200:00	–	checkpoint_advisories
Cvelist	CVE-2021-32648 Account Takeover in Octobercms	26 Aug 202119:00	–	cvelist
Prion	Design/Logic Flaw	26 Aug 202119:15	–	prion

Source	Link
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
github	www.github.com/octobercms/october/security/advisories/GHSA-mxr5-mc97-63rc
github	www.github.com/octobercms/library/commit/016a297b1bec55d2e53bc889458ed2cb5c3e9374
github	www.github.com/octobercms/library/commit/5bd1a28140b825baebe6becd4f7562299d3de3b9

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

26 Aug 2021 00:00Current

9High risk

Vulners AI Score9

CVSS26.4

CVSS38.2 - 9.1

EPSS0.72666