Main Vulnerability Database Exploits ID:7253 - Exploit for Weak Password Recovery Mechanism for Forgotten Password in October CMS - CVE-2021-32648

ID:7253 - Exploit for Weak Password Recovery Mechanism for Forgotten Password in October CMS - CVE-2021-32648

Published: January 20, 2022

Vulnerability identifier: #VU56118

Vulnerability risk: High

CVE-ID: CVE-2021-32648

CWE-ID: CWE-640

Exploitation vector: Remote access

Vulnerable software:
October CMS

Link to public exploit:

https://github.com/daftspunk/CVE-2021-32648

Vulnerability description

The vulnerability allows a remote attacker to compromise the affected application.

The vulnerability exists due to a weak password recovery mechanism. A remote attacker can send a specially crafted request to the web application, reset password for an arbitrary account and gain unauthorized access to the application.

Remediation

Install updates from vendor's website.

ID:7253 - Exploit for Weak Password Recovery Mechanism for Forgotten Password in October CMS - CVE-2021-32648

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human