MongoDB · Flintcms · CVE-2018-3783
**Name of the Vulnerable Software and Affected Versions**
flintcms versions <= 1.1.9
flintcms versions before 1.1.10
**Description**
A privilege escalation issue allows account takeover due to blind MongoDB injection in the password reset.
**Recommendations**
Update to version 1.1.10 or later.