Описание
In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim.
Ссылки
- PatchThird Party Advisory
- ExploitThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 0.0.1 (включая) до 0.2.56 (включая)
cpe:2.3:a:getmotoradmin:motor_admin:*:*:*:*:*:*:*:*
EPSS
Процентиль: 52%
0.00296
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-116
Связанные уязвимости
CVSS3: 8.8
github
больше 3 лет назад
In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim.
EPSS
Процентиль: 52%
0.00296
Низкий
6.8 Medium
CVSS2
Дефекты
CWE-116