CVE-2021-32648 – October CMS / October – Weak password recovery mechanism for forgotten password
CVE-2021-32648 is a weak password recovery mechanism for forgotten password vulnerability impacting October CMS versions 1.0.471 through 1.1.1. A proof of concept (PoC) was not observed publicly or in the underground.
Summary:
CVE-2021-32648 is a weak password recovery mechanism for forgotten password vulnerability impacting October CMS versions 1.0.471 through 1.1.1. A proof of concept (PoC) was not observed publicly or in the underground.
PoC Links(if available):
–
Known Counter Measures:
October CMS addressed the vulnerability in October CMS versions 1.0.472 and 1.1.5.
Links to patches(if available)
https://github.com/octobercms/october/releases/tag/v1.0.472
