← ExploitWatch
HomeExploited Vulnerabilities

CVE-2021-32648 — Actively Exploited: October CMS (October CMS)

In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.

CVE IDCVE-2021-32648
VendorOctober CMS
ProductOctober CMS
Vulnerability nameOctober CMS Improper Authentication
Date added2022-01-18
Remediation due2022-02-01
Known ransomware useUnknown
Required actionApply updates per vendor instructions.
DescriptionIn affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →