CVE-2021-41126

Опубликовано: 06 окт. 2021

Источник: nvd

CVSS3: 7.2

CVSS2: 6.5

EPSS Низкий

Описание

October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the october/october package. There are no workarounds for this issue and all users should update.

Ссылки

https://github.com/octobercms/october/security/advisories/GHSA-6gjf-7w99-j7x7
Third Party Advisory
https://octobercms.com/changelog
Release Notes
Vendor Advisory
https://github.com/octobercms/october/security/advisories/GHSA-6gjf-7w99-j7x7
Third Party Advisory
https://octobercms.com/changelog
Release Notes
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:octobercms:october:*:*:*:*:*:*:*:*

Версия от 2.0.0 (включая) до 2.1.12 (исключая)

EPSS

Процентиль: 65%

0.00485

Низкий

7.2 High

CVSS3

6.5 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-6gjf-7w99-j7x7