Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-3783 Vulnerability in npm package flintcms

Description

A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset.

Remediation

References

https://hackerone.com/reports/386807

Related Vulnerabilities

CVE-2021-39231 Vulnerability in maven package org.apache.ozone:ozone-main

CVE-2017-16224 Vulnerability in npm package st

CVE-2022-38749 Vulnerability in maven package org.yaml:snakeyaml

CVE-2022-43183 Vulnerability in maven package com.xuxueli:xxl-job

CVE-2018-20677 Vulnerability in maven package org.webjars.bower:bootstrap-sass

Severity

Critical

Classification

CWE-89 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Patch Third Party Advisory