CVE-2021-32648

Published: 26/08/2021 Updated: 07/07/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 571
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Summary

octobercms is a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.

Vulnerable Product

octobercms october

Github Repositories

WhisperGate

Indicators of Compromise

SHA256 hash of the installer component for the bootloader: a196c6b8ffcb97ffb276d04f354696e2391311db3841ae16c8c9f56f36a38e92

The destructive wiping operation has the following pseudocode:

    for i_disk between 0 and total_detected_disk_count do
        for i_sector between 1 and total_disk_sector_count, i_sector += 199, do
            overwrite disk i_disk

Patch your code for October CMS Auth Bypass CVE-2021-32648

Instructions

1. Open the file vendor/october/rain/src/Auth/Models/User.php
2. Perform the patch found in these diff notes
3. Save the file

Overview

You are converting a loose comparison to a strict comparison by replacing two (2) equal signs == with three (3) equal signs ===. This blocks the attack vector as des

Proof Of Concept code for OctoberCMS Auth Bypass CVE-2021-32648

Ukraine <> Russia Cyber Intelligence Tracker

Contents: Introduction; Vulnerabilities Exploited; Malware's Used; Cyber Groups; MITRE ATT&CK Techniques Used By Threat Actors; IOCs; C2C Server Relations; Reports & Credits; Contribution

Introduction: This repository is aimed at curating and tracking threat intelligence published in a single location, enabling def