CyberSec.Space Logo
Back to CVE Browser

CVE-2021-32648

Known Exploited (CISA KEV)HIGH
8.2
CVSS Severity Score
EPSS Score31.3140%
EPSS Percentile93.42th
PublishedAug 26, 2021
Last ModifiedOct 24, 2025

Vulnerability Description

octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.

Affected Platforms (CPE)

πŸ“¦
Octobercms

October

>= 1.1.1 and < 1.1.5
πŸ“¦
Octobercms

October

= 1.0.471

References & Advisories

πŸ”— https://github.com/octobercms/library/commit/016a297b1bec55d2e53bc889458ed2cb5c3e9374
πŸ”— https://github.com/octobercms/library/commit/5bd1a28140b825baebe6becd4f7562299d3de3b9
πŸ”— https://github.com/octobercms/october/security/advisories/GHSA-mxr5-mc97-63rc
πŸ”— https://github.com/octobercms/library/commit/016a297b1bec55d2e53bc889458ed2cb5c3e9374
πŸ”— https://github.com/octobercms/library/commit/5bd1a28140b825baebe6becd4f7562299d3de3b9
πŸ”— https://github.com/octobercms/october/security/advisories/GHSA-mxr5-mc97-63rc
πŸ”— https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-32648

Related Vulnerabilities

CVE-2010-355410.0

Unspecified vulnerability in the CORBA component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and...

CVE-2010-355910.0

Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and...

CVE-2010-355310.0

Unspecified vulnerability in the Swing component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and...

CVE-2010-356210.0

Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1....