Description
Privilege Escalation due to Blind NoSQL Injection in flintcms
Versions of flintcms before version 1.1.10 are vulnerable to account takeover due to blind MongoDB injection in the password reset.
Recommendation
Update to version 1.1.10 or later.
Packages
Name: flintcms (npm)
Affected versions: < 1.1.10
Fixed version: 1.1.10
Related vulnerabilities
CVSS3: 9.8
nvd
more than 7 years ago
A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset.