CVE-2021-32648 - October CMS Improper Authentication
Project:October CMS
Product:October CMS
Date Added:2022-01-18Due Date:2022-02-01
Vulnerability Name
October CMS Improper Authentication
Description
In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.
Known To Be Used in Ransomware Campaigns?
Unknown
Action
Apply updates per vendor instructions.
Additional Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-32648