PT-2024-30204 · Unknown · Staff Appraisal System

Sourajeet Majumder · Published 2024-08-23 · Updated 2024-08-27 · CVE-2024-42915

CVSS v3.1: 8.0 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Staff Appraisal System version 1.0

Description: A host header injection vulnerability in the Staff Appraisal System allows an attacker to obtain a victim's password reset token: the application builds the password reset link from the request's Host header, so a crafted reset request produces a link that points to an attacker-controlled host, and the token is disclosed when the victim follows that link. This enables the attacker to reset other users' passwords at will and take over their accounts.

Recommendations: For Staff Appraisal System version 1.0, as a temporary workaround, consider restricting access to the password reset functionality until a patch is available. Users should not follow password reset links that point to an unexpected host. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
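The root cause and its fix, as an added illustration that is not code from the Staff Appraisal System or from this advisory: the vulnerable pattern takes the link's origin from the Host header, while the hardened pattern rejects unknown hosts and builds the link from a configured base URL; a small log check shows how to spot reset requests arriving with a foreign Host value. The host names, the endpoint paths and the log format are constructed for the example.

```python
from urllib.parse import urlencode

# Constructed deployment values: the only host this instance should answer as.
ALLOWED_HOSTS = {"appraisal.example.com"}
CANONICAL_BASE_URL = "https://appraisal.example.com"
RESET_PATH = "/reset-password.php"      # hypothetical endpoint name
REQUEST_PATH = "/forgot-password.php"   # hypothetical endpoint name


def reset_link_from_host_header(headers: dict, token: str) -> str:
    """Vulnerable pattern: the link's origin is whatever the client sent as Host,
    so a forged Host header redirects the reset token to that host."""
    host = headers.get("Host", "")
    return f"https://{host}{RESET_PATH}?token={token}"


def normalize_host(headers: dict) -> str:
    """Lower-case the Host value and drop any port before comparing it."""
    return headers.get("Host", "").split(":")[0].lower()


def reset_link_hardened(headers: dict, token: str) -> str:
    """Hardened pattern: refuse requests for unknown hosts and never derive the
    link origin from the request; use the configured canonical base URL."""
    if normalize_host(headers) not in ALLOWED_HOSTS:
        raise ValueError("Host header does not match an allowed host")
    return f"{CANONICAL_BASE_URL}{RESET_PATH}?{urlencode({'token': token})}"


# Constructed access-log lines in the form "<Host header> <method> <path>".
SAMPLE_ACCESS_LOG = [
    "appraisal.example.com POST /forgot-password.php",
    "untrusted.example POST /forgot-password.php",
    "appraisal.example.com GET /index.php",
]


def flag_foreign_host_reset_requests(lines: list) -> list:
    """Detection: return password-reset requests whose Host header is not one
    of the allowed hosts, which is the signature of this injection attempt."""
    flagged = []
    for line in lines:
        host, _method, path = line.split()
        if path == REQUEST_PATH and host.lower() not in ALLOWED_HOSTS:
            flagged.append(line)
    return flagged
```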

Exploit: no public exploit information is listed.

Weakness Enumeration: none listed.

Related Identifiers: CVE-2024-42915

Affected Products: Staff Appraisal System