CVE-2021-32648

Weak Password Recovery Mechanism for Forgotten Password in packagist/october/october

Identifier

CVE-2021-32648

Package Slug

packagist/october/october

Vulnerability

Weak Password Recovery Mechanism for Forgotten Password

Description

octobercms in a CMS platform based on the Laravel PHP Framework. An attacker can request an account password reset and then gain access to the account using a specially crafted request.

Affected Versions

All versions starting from 1.0.471 before 1.0.472, all versions starting from 1.1.1 before 1.1.5

Solution

Upgrade to versions 1.0.472, 1.1.5 or above.

Last Modified

2021-09-03

source