Title:Account Takeover in Octobercms (CVE-2021-32648) Description:octobercms in a CMS platform based on the Laravel PHP Framework. In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. The issue has been patched in Build 472 and v1.1.5.
Description
Proof Of Concept code for OctoberCMS Auth Bypass CVE-2021-32648
Readme
# CVE-2021-32648
Proof Of Concept code for OctoberCMS Auth Bypass CVE-2021-32648
File Snapshot
Log in to view the POC file snapshot cached by Shenlong Bot
1. It is advised to access via the original source first.2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →