CVE-2021-41126

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-41126

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41126.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-41126

Aliases

GHSA-6gjf-7w99-j7x7

Withdrawn

2024-05-15T05:31:56.355923Z

Published

2021-10-06T18:15:11Z

Modified

2023-11-29T09:02:47.777082Z

Severity

7.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

October is a Content Management System (CMS) and web platform built on the the Laravel PHP Framework. In affected versions administrator accounts which had previously been deleted may still be able to sign in to the backend using October CMS v2.0. The issue has been patched in v2.1.12 of the october/october package. There are no workarounds for this issue and all users should update.

References

Affected packages

Git / github.com/octobercms/october

Affected ranges

Type: GIT
Repo: https://github.com/octobercms/october
Events: Introduced

377ed08b67b8e6abd3620109570482d1ca4818fc

Fixed

e0148294b68eeea27204e0c1633186ac66ab4165

Affected versions

v2.*

v2.0.0

v2.0.10

v2.0.13

v2.0.14

v2.0.15

v2.0.16

v2.0.27

v2.0.29

v2.0.3

v2.1.0

v2.1.10

v2.1.3

v2.1.5

v2.1.6

v2.1.8