Multiple vulnerabilities in October CMS
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2021-32648 CVE-2021-29487 |
| CWE-ID | CWE-640 CWE-287 |
| Exploitation vector | Network |
| Public exploit | Vulnerability #1 is being exploited in the wild. |
| Vulnerable software Subscribe |
October CMS Web applications / CMS |
| Vendor | OctoberCMS |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Weak Password Recovery Mechanism for Forgotten Password
EUVDB-ID: #VU56118
Risk: High
CVSSv3.1: 7.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-32648
CWE-ID:
CWE-640 - Weak password recovery mechanism
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to compromise the affected application.
The vulnerability exists due to a weak password recovery mechanism. A remote attacker can send a specially crafted request to the web application, reset password for an arbitrary account and gain unauthorized access to the application.
Install updates from vendor's website.
Vulnerable software versionsOctober CMS: 1.0.319 - 1.1.4
External linkshttp://github.com/octobercms/october/security/advisories/GHSA-mxr5-mc97-63rc/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper Authentication
EUVDB-ID: #VU56117
Risk: Medium
CVSSv3.1: 5.9 [CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-29487
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass authentication process and impersonate another user.
The vulnerability exists due to an error when handling authorization via persist cookies. A remote attacker can impersonate another application user and gain unauthorized access to the application.
Successful exploitation of the vulnerability requires knowledge of the Laravel’s secret key for cookie encryption and signing, and that a targeted user account is logged in during vulnerability exploitation.
Install updates from vendor's website.
Vulnerable software versionsOctober CMS: 1.0.319 - 1.1.4
External linkshttp://github.com/octobercms/october/security/advisories/GHSA-h76r-vgf3-j6w5/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
