PT-2018-16200 · Mongodb · Flintcms

Becojo

·

Published

2018-08-17

·

Updated

2019-10-03

·

CVE-2018-3783

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions flintcms versions <= 1.1.9 flintcms versions before 1.1.10
Description A privilege escalation issue allows account takeover due to blind MongoDB injection in the password reset.
Recommendations Update to version 1.1.10 or later.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2018-3783
GHSA-JHQ3-57XH-6643

Affected Products

Flintcms