Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.4
CVSSv3

CVE-2021-29487

Published: 26/08/2021 Updated: 02/08/2022
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.4 | Impact Score: 5.2 | Exploitability Score: 2.2
VMScore: 516
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Subscribe to October

Vulnerability Summary

octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can exploit this vulnerability to bypass authentication and takeover of and user account on an October CMS server. The vulnerability is exploitable by unauthenticated users via a specially crafted request. This only affects frontend users and the attacker must obtain a Laravel secret key for cookie encryption and signing in order to exploit this vulnerability. The issue has been patched in Build 472 and v1.1.5.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

octobercms october

Github Repositories

https://github.com/daftspunk/CVE-2021-32648

Patch your code for October CMS Auth Bypass CVE-2021-32648

CVE-2021-32648 Patch your code for October CMS Auth Bypass CVE-2021-32648 Instructions Open the file vendor/october/rain/src/Auth/Models/Userphp Perform the patch found in these diff notes Save the file Overview You are converting a loose comparison to a strict comparison by replacing two (2) equal signs == with three (3) equal signs === This blocks the attack vector as des

References

NVD-CWE-Otherhttps://github.com/octobercms/library/commit/5bd1a28140b825baebe6becd4f7562299d3de3b9https://github.com/octobercms/october/security/advisories/GHSA-h76r-vgf3-j6w5https://github.com/octobercms/library/commit/016a297b1bec55d2e53bc889458ed2cb5c3e9374https://nvd.nist.govhttps://github.com/daftspunk/CVE-2021-32648
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322administrator privilegesCVE-2024-1579hardcodedCVE-2023-20198CVE-2024-33587CVE-2024-33449CVE-2024-4308HTML injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook