PT-2022-15835 · Unknown · Motor-Admin
Published: 2022-06-22 · Updated: 2022-06-29 · CVE-2022-23079
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: motor-admin versions 0.0.1 through 0.2.56
Description: The issue is a host header injection in the password reset functionality. A malicious actor can exploit it to send fake password reset emails to arbitrary victims.
Recommendations: For motor-admin versions 0.0.1 through 0.2.56, consider disabling the password reset functionality until a patched version is available, and restrict access to the password reset module to reduce the risk of fake password reset emails being sent to victims.
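The pattern behind a host-header injection in a password reset flow, and the mitigation the recommendations point towards, as an added Ruby example (Motor-Admin is a Rails application; this is illustrative code written for this page, not the project's own code). The weak builder derives the host of the reset link from the request's Host header (or X-Forwarded-Host), so a request carrying a forged host produces a reset link pointing at that host. The hardened builder takes the link's origin from configuration, validates the Host header against an allowlist and refuses the request before any token is issued or mailed. The request struct, the hosts admin.example.com and attacker.example, the /password/reset path and the token values are all constructed assumptions.

```ruby
require 'uri'

# Constructed stand-in for a framework request object; only the fields this
# example needs. Real frameworks expose the same data under other names.
Request = Struct.new(:host_header, :forwarded_host, :scheme, keyword_init: true)

# Hypothetical deployment settings: the canonical origin users should be sent
# to, and the only Host values the application expects to see.
CANONICAL_ORIGIN = 'https://admin.example.com'.freeze
ALLOWED_HOSTS    = ['admin.example.com'].freeze

class UntrustedHostError < StandardError; end

# Weak pattern: the reset link copies whatever host the client supplied.
# A request carrying a forged Host (or X-Forwarded-Host) header yields a link
# pointing at the forged host; the victim who receives the mail and follows the
# link is sent, token included, to that host. This is the shape of the flaw the
# advisory describes.
def reset_url_from_host_header(request, token)
  host = request.forwarded_host || request.host_header
  "#{request.scheme}://#{host}/password/reset?token=#{token}"
end

# Hardened pattern: the link is built only from configured values. The Host
# header is normalised (port stripped, case-folded) and checked against the
# allowlist; a request that does not match is rejected before a token is
# issued or mailed. X-Forwarded-Host is not consulted at all.
def reset_url_from_config(request, token)
  host = request.host_header.to_s.downcase.split(':', 2).first
  unless ALLOWED_HOSTS.include?(host)
    raise UntrustedHostError, "unexpected Host header: #{request.host_header.inspect}"
  end
  "#{CANONICAL_ORIGIN}/password/reset?token=#{URI.encode_www_form_component(token)}"
end

# Returns the host a mailed link would send the victim to; used to compare the
# two builders.
def link_host(url)
  URI.parse(url).host
end

# Returns :rejected when the hardened builder refuses the request, otherwise
# the host of the generated link.
def hardened_outcome(request, token)
  link_host(reset_url_from_config(request, token))
rescue UntrustedHostError
  :rejected
end

if __FILE__ == $PROGRAM_NAME
  token  = 'constructed-token-123'
  forged = Request.new(host_header: 'attacker.example', forwarded_host: nil, scheme: 'https')
  honest = Request.new(host_header: 'admin.example.com:443', forwarded_host: nil, scheme: 'https')

  puts "weak builder, forged Host     -> #{link_host(reset_url_from_host_header(forged, token))}"
  puts "hardened builder, forged Host -> #{hardened_outcome(forged, token)}"
  puts "hardened builder, real Host   -> #{hardened_outcome(honest, token)}"
end
```

The allowlist check is what turns a forged Host header into a rejected request instead of a mailed link; on a deployment behind a reverse proxy, X-Forwarded-Host should likewise only be honoured when the proxy itself is trusted to set it, which is why the hardened builder ignores it entirely.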


Weakness Enumeration: Improper Encoding or Escaping of Output
Related Identifiers: CVE-2022-23079
Affected Products: Motor-Admin