Description
A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset.
Remediation
References
https://hackerone.com/reports/386807
Related Vulnerabilities
CVE-2018-19048 Vulnerability in maven package org.webjars:simditor
CVE-2022-31367 Vulnerability in npm package strapi
CVE-2023-43794 Vulnerability in npm package nocodb
CVE-2023-34104 Vulnerability in maven package org.webjars.npm:fast-xml-parser
CVE-2016-7103 Vulnerability in maven package org.webjars.npm:jquery-ui