#VU57098 Improper Authorization in October CMS - CVE-2021-41126

 


Published: October 6, 2021 / Updated: May 26, 2022


Vulnerability identifier: #VU57098
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-41126
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: October CMS
Software vendor: OctoberCMS

Description

The vulnerability allows a remote user to compromise the affected application.

The vulnerability exists due to improper authorization. In October CMS v2.0, an attacker who previously had an administrative account with access to the admin interface can still sign in to the backend after that account has been deleted.


Remediation

Install updates from the vendor's website.
