THREAT OPS › CVEs › CVE-2021-32648
CVE-2021-32648 — October CMS Improper Authentication
In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.
Vulnerability details
- Affected productsOctober CMS
- KEV remediation due2022-02-01