CVE-2021-32648 is a weak password recovery mechanism for forgotten password vulnerability impacting October CMS versions 1.0.471 through 1.1.1. A proof of concept (PoC) was not observed publicly or in the underground.
PoC Links(if available):
Known Counter Measures:
October CMS addressed the vulnerability in October CMS versions 1.0.472 and 1.1.5.
Links to patches(if available)