
7 matches found

NVD
added 2021/08/26 7:15 p.m. | 14 views

CVE-2021-29487

octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and take over a user account on an October CMS server. The vulnerability is exploitable by unauthenticated...

CVSS 7.4 | EPSS 0.00503
Exploits 0 | References 3
CVE
added 2021/08/26 7:0 p.m. | 77 views

CVE-2021-29487

CVE-2021-29487 affects the October CMS platform (october/system) and enables an unauthenticated attacker to bypass authentication and take over a frontend user account. The exploit relies on obtaining Laravel’s secret key for cookie encryption/signing. The vulnerability has been patched in Build ...

CVSS 7.4 | AI score 7.7 | EPSS 0.00503
Exploits 0 | References 3 | Affected Software 1
CVE
added 2021/08/26 7:0 p.m. | 1107 views

CVE-2021-32648

CVE-2021-32648 affects October CMS (Laravel-based) through the october/system package. An authentication bypass allows an attacker to request a password reset and then take over an account. Patches are available: Build 472 and v1.1.5. Public advisories and CVE trackers consistently describe this ...

CVSS 9.1 | AI score 8.9 | EPSS 0.93036
In wild | Exploits 1 | References 4 | Affected Software 1
ATTACKERKB
added 2021/08/26 12:0 a.m. | 150 views

CVE-2021-32648

octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5. Recent...

CVSS 9.1 | AI score 9 | EPSS 0.93036
In wild | Exploits 1 | References 4
CNNVD
added 2021/08/26 12:0 a.m. | 3 views

October CMS security vulnerability

October CMS is an open source content management system (CMS) based on PHP and the Laravel web application framework. October CMS has a security vulnerability that can be exploited by an attacker to bypass authentication and take over a user account on the server via a crafted request. An attacker mus...

CVSS 7.4 | AI score 7.3 | EPSS 0.00503
Exploits 0 | References 4
Positive Technologies
added 2021/08/26 12:0 a.m. | 3 views

PT-2021-4044

Name of the Vulnerable Software and Affected Versions: October CMS versions prior to Build 472 and v1.1.5
Description: The issue is related to an improper authentication mechanism in the October CMS platform, which is based on the Laravel PHP Framework. An attacker can exploit this by requesting ...

CVSS 9.4 | AI score 9.8 | EPSS 0.93036
Exploits 1 | References 17
OSV
added 2021/02/10 2:32 a.m. | 94 views

GHSA-7GGW-H8PP-R95R: October CMS Session ID not invalidated after logout

Impact: When logging out, the session ID was not invalidated. This is not a problem while the user is logged out, but as soon as the user logs back in, the old session ID would be valid again, which means that anyone that gained access to the old session cookie would be able to act as the logged in...

CVSS 9.8 | AI score 9.5 | EPSS 0.01522
Exploits 1 | References 7