CVE-2021-32648 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2021-32648

CVE-2021-32648

August 26, 2021

octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.

Related Resources (6)

https://github.com/octobercms/october

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-32648

https://nvd.nist.gov/vuln/detail/CVE-2021-32648

https://github.com/octobercms/october/security/advisories/GHSA-mxr5-mc97-63rc

https://github.com/octobercms/library/commit/016a297b1bec55d2e53bc889458ed2cb5c3e9374

https://github.com/octobercms/library/commit/5bd1a28140b825baebe6becd4f7562299d3de3b9

Do you need more information?

CVSS v4

Base Score:

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

Exploit Maturity

ATTACKED

CVSS v3

Base Score:

8.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Exploit Maturity

HIGH

CVSS v2

Base Score:

6.4

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

Weakness Type (CWE)

Improper Authentication

CWE-287

EPSS

Base Score:

93.04

Products

Solutions

Resources

Company

Compare

Developer Tools