CVE-2021-32648 — Actively Exploited: October CMS (October CMS)
In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request.
| CVE ID | CVE-2021-32648 |
|---|---|
| Vendor | October CMS |
| Product | October CMS |
| Vulnerability name | October CMS Improper Authentication |
| Date added | 2022-01-18 |
| Remediation due | 2022-02-01 |
| Known ransomware use | Unknown |
| Required action | Apply updates per vendor instructions. |
| Description | In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. |
| Source | CISA Known Exploited Vulnerabilities |
🔍 Search all exploited vulnerabilities →
$1499/mo
Try ExploitWatch →