CVE - CVE-2021-32648

CVE-ID
CVE-2021-32648	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
CONFIRM:https://github.com/octobercms/october/security/advisories/GHSA-mxr5-mc97-63rc URL:https://github.com/octobercms/october/security/advisories/GHSA-mxr5-mc97-63rc MISC:https://github.com/octobercms/library/commit/016a297b1bec55d2e53bc889458ed2cb5c3e9374 URL:https://github.com/octobercms/library/commit/016a297b1bec55d2e53bc889458ed2cb5c3e9374 MISC:https://github.com/octobercms/library/commit/5bd1a28140b825baebe6becd4f7562299d3de3b9 URL:https://github.com/octobercms/library/commit/5bd1a28140b825baebe6becd4f7562299d3de3b9
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20210512	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20210512)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)