Unknown · Userfrosting · CVE-2021-25994
**Name of the Vulnerable Software and Affected Versions**
Userfrosting versions v0.3.1 through v4.6.2
**Description**
The vulnerability allows an unauthenticated attacker to take over a victim's account by exploiting the "forgot password" functionality. The attacker lures a user of the application into clicking a link, which enables the attacker to reset that user's password.
**Recommendations**
For versions v0.3.1 through v4.6.2, consider disabling the "forgot password" functionality until a patch is available, to prevent exploitation. Restrict access to the affected functionality to minimize the risk of account takeover.