CVE-2021-29487

Improper Authentication in packagist/october/october

Identifier

CVE-2021-29487

Package Slug

packagist/october/october

Vulnerability

Improper Authentication

Description

octobercms is a CMS platform based on the Laravel PHP Framework. There exists a vulnerability that is exploitable by unauthenticated users via a specially crafted request. This only affects frontend users, and the attacker must obtain a Laravel secret key for cookie encryption and signing in order to exploit this vulnerability.

Affected Versions

All versions starting from 1.0.471 before 1.0.472, all versions starting from 1.1.1 before 1.1.5

Solution

Upgrade to versions 1.0.472, 1.1.5 or above.

Last Modified

2021-09-03
