CVE-2021-32648

In affected versions of the october/system package an attacker can request an account password reset and then gain access to the account using a specially crafted request. Vendor/Product: October CMS October CMS. Added to CISA KEV 2022-01-18; required action: Apply updates per vendor instructions.