CVE-2021-41126
published 2021-10-06

Priority: P339
CVSS 3.1: 7.2 (high)
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:H
EPSS: 1.06% (60.2th percentile)

October is a Content Management System (CMS) and web platform built on the Laravel PHP Framework. In affected versions, administrator accounts that had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the october/october package. There are no workarounds for this issue, and all users should update.

Affected

4 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| october | october | >= 2.1.0 < 2.1.12 | 2.1.12 |
| october | system | >= 2.1.0 < 2.1.12 | 2.1.12 |
| octobercms | october | | |
| octobercms | october | >= 2.0.0 < 2.1.12 | 2.1.12 |

CVSS provenance

nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P