Weak Password Recovery Mechanism for Forgotten Password
octobercms in a CMS platform based on the Laravel PHP Framework. An attacker can request an account password reset and then gain access to the account using a specially crafted request.
All versions starting from 1.0.471 before 1.0.472, all versions starting from 1.1.1 before 1.1.5
Upgrade to versions 1.0.472, 1.1.5 or above.