THREATOPS
THREAT OPSCVEs › CVE-2021-32648

CVE-2021-32648 — October CMS Improper Authentication

CISA KEVExploited: confirmedOctober CMS

In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.

Vulnerability details