CVE-2021-32648

🗓️ 26 Aug 2021 19:00:12Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 1107 Views

octobercms in a CMS platform based on the Laravel PHP Framework. An attacker can request an account password reset and gain access to the account using a specially crafted request. Patches available in Build 472 and v1.1.5

Reporter	Title	Published	Views	Family All 23
GithubExploit	Exploit for Improper Authentication in Octobercms October	14 Jan 202215:50	–	githubexploit
ICS	Russian Military Cyber Actors Target US and Global Critical Infrastructure	5 Sep 202412:00	–	ics
ATTACKERKB	CVE-2021-32648	26 Aug 202100:00	–	attackerkb
Circl	CVE-2021-32648	26 Aug 202122:27	–	circl
CISA KEV Catalog	October CMS Improper Authentication	18 Jan 202200:00	–	cisa_kev
CISA	CISA Adds 13 Known Exploited Vulnerabilities to Catalog	18 Jan 202200:00	–	cisa
CNNVD	Octobercms 安全漏洞	26 Aug 202100:00	–	cnnvd
Check Point Advisories	October CMS Authentication Bypass (CVE-2021-32648)	2 Feb 202200:00	–	checkpoint_advisories
Cvelist	CVE-2021-32648 Account Takeover in Octobercms	26 Aug 202119:00	–	cvelist
Github Security Blog	October CMS auth bypass and account takeover	30 Aug 202116:13	–	github

NVD

Vulners

Node

octobercms octoberRange1.1.1–1.1.5

octobercms octoberMatch1.0.471

[
  {
    "product": "october",
    "vendor": "octobercms",
    "versions": [
      {
        "status": "affected",
        "version": ">= 1.0.471, < 1.0.472"
      },
      {
        "status": "affected",
        "version": ">= 1.1.1, < 1.1.5"
      }
    ]
  }
]

Source	Link
github	www.github.com/octobercms/library/commit/016a297b1bec55d2e53bc889458ed2cb5c3e9374
github	www.github.com/octobercms/october/security/advisories/GHSA-mxr5-mc97-63rc
github	www.github.com/octobercms/library/commit/5bd1a28140b825baebe6becd4f7562299d3de3b9
cisa	www.cisa.gov/known-exploited-vulnerabilities-catalog

24 Oct 2025 14:47Current

8.9High risk

Vulners AI Score8.9

CVSS 26.4

CVSS 3.18.2 - 9.1

EPSS0.93036

SSVC