Vulnerability Description
October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the october/october package. There are no workarounds for this issue and all users should update.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Octobercms | October | >= 2.0.0, < 2.1.12 |
Related Weaknesses (CWE)
References
- https://github.com/octobercms/october/security/advisories/GHSA-6gjf-7w99-j7x7Third Party Advisory
- https://octobercms.com/changelogRelease NotesVendor Advisory
- https://github.com/octobercms/october/security/advisories/GHSA-6gjf-7w99-j7x7Third Party Advisory
- https://octobercms.com/changelogRelease NotesVendor Advisory
FAQ
What is CVE-2021-41126?
CVE-2021-41126 is a vulnerability with a CVSS score of 7.2 (HIGH). October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to...
How severe is CVE-2021-41126?
CVE-2021-41126 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-41126?
Check the references section above for vendor advisories and patch information. Affected products include: Octobercms October.