Description
A privilege escalation vulnerability in flintcms versions <= 1.1.9 allows account takeover through blind MongoDB injection in the password reset flow.
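The injection class named above arises when a password-reset handler forwards a user-controlled value into a MongoDB filter without confirming it is a plain string, so a JSON object carrying a query operator is evaluated as part of the query instead of being compared as a token. The following is an added illustration, not flintcms code and not taken from the HackerOne report: it contrasts an unvalidated filter with one that only admits a string of an assumed token format (64 hex characters, a hypothetical choice) and runs both against a small in-memory stand-in for the users collection. The field name `resetToken`, the sample users and the matcher are all constructed for the demo.

```javascript
// Added example (not flintcms code): hardening a password-reset lookup
// against operator injection in MongoDB filters.

// Assumed token format for this demo: 64 lowercase hex characters.
const TOKEN_RE = /^[0-9a-f]{64}$/;

// Returns the token only if it is a string of the expected shape; any
// object, array, number or malformed string yields null. The typeof check
// is what stops {"$gt": ""}-style payloads from reaching the database.
function validateResetToken(value) {
  if (typeof value !== 'string') return null;
  if (!TOKEN_RE.test(value)) return null;
  return value;
}

// Unsafe pattern: the raw request value becomes the filter value as-is.
function buildUnsafeFilter(rawInput) {
  return { resetToken: rawInput };
}

// Safe pattern: only a validated string can become the filter value;
// anything else aborts the lookup before any query is built.
function buildSafeFilter(rawInput) {
  const token = validateResetToken(rawInput);
  return token === null ? null : { resetToken: token };
}

// Minimal stand-in for MongoDB filter evaluation, supporting equality and
// the $gt operator only, so the difference can be shown without a database.
function matches(doc, filter) {
  return Object.entries(filter).every(([field, cond]) => {
    const value = doc[field];
    if (cond !== null && typeof cond === 'object') {
      if ('$gt' in cond) return typeof value === 'string' && value > cond.$gt;
      return false; // other operators are not modelled here
    }
    return value === cond;
  });
}

// Looks up the first user matching the filter; a null filter means the
// request was rejected during validation and no query runs at all.
function findUser(docs, filter) {
  if (filter === null) return null;
  return docs.find((doc) => matches(doc, filter)) || null;
}

// Constructed sample data: alice has a pending reset, bob does not.
const SAMPLE_TOKEN = 'ab'.repeat(32);
const USERS = [
  { email: 'alice@example.com', resetToken: SAMPLE_TOKEN },
  { email: 'bob@example.com', resetToken: null },
];

// Demo run: an operator object matches a user through the unsafe filter
// but is rejected outright by the validated one.
const operatorPayload = { $gt: '' };
console.log('unsafe:', findUser(USERS, buildUnsafeFilter(operatorPayload)));
console.log('safe  :', findUser(USERS, buildSafeFilter(operatorPayload)));
console.log('valid :', findUser(USERS, buildSafeFilter(SAMPLE_TOKEN)));
```

In a real handler the same principle extends to every request-derived value placed in a filter (email, user id, token); validating type and format at the boundary, or using a schema validator, is what removes the injection surface, and storing only a hash of the reset token further limits what a successful read could yield.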
Remediation
References
https://hackerone.com/reports/386807
Related Vulnerabilities
CVE-2021-29443 Vulnerability in npm package jose
CVE-2020-29204 Vulnerability in maven package com.xuxueli:xxl-job-admin
CVE-2021-44548 Vulnerability in maven package org.apache.solr:solr-core
CVE-2023-36812 Vulnerability in maven package net.opentsdb:opentsdb
CVE-2022-41254 Vulnerability in maven package org.jenkins-ci.plugins:cons3rt