CVE-2021-32648 – October CMS / October – Weak password recovery mechanism for forgotten password

Click the icon to Follow me:- twitterTelegramRedditDiscord

Summary:

CVE-2021-32648 is a weak password recovery mechanism for forgotten password vulnerability impacting October CMS versions 1.0.471 through 1.1.1. A proof of concept (PoC) was not observed publicly or in the underground.

PoC Links(if available):

Known Counter Measures:

October CMS addressed the vulnerability in October CMS versions 1.0.472 and 1.1.5.

Links to patches(if available)

https://github.com/octobercms/october/releases/tag/v1.0.472