Description
A privilege escalation vulnerability in flintcms versions <= 1.1.9 allows account takeover through a blind MongoDB injection in the password reset.
Remediation
References
https://hackerone.com/reports/386807