7 matches found
OctoberCMS - Account Takeover
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5. id:...
CVE-2021-32648
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5...
October CMS Authentication Bypass (CVE-2021-32648)
An authentication bypass vulnerability exists in October CMS. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...
CVE-2021-32648
creationtimestamp| type| source ---|---|--- 2021-08-26 22:27:39+00:00| seen| https://t.me/cibsecurity/27916 2022-01-14 12:46:35+00:00| exploited| https://t.me/RussianOSINT/1142 2022-01-16 16:00:02+00:00| seen| https://t.me/secsocteam/227 2022-01-16 18:19:49+00:00| exploited|...
CVE-2021-32648
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5...
CVE-2021-32648
CVE-2021-32648 affects October CMS (Laravel-based) through the october/system package. An authentication bypass allows an attacker to request a password reset and then take over an account. Patches are available: Build 472 and v1.1.5. Public advisories and CVE trackers consistently describe this ...
CVE-2021-32648 Account Takeover in Octobercms
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5...