Severity: critical

Privilege Escalation due to Blind NoSQL Injection

flintcms

Overview

flintcms versions before 1.1.10 are vulnerable to account takeover through blind MongoDB injection in the password-reset flow.
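To illustrate the vulnerability class named above, here is an added JavaScript example that is not flintcms code: a password-reset token lookup in the unsafe shape beside a hardened one, plus a small detection helper. The field names, the hex token format, and the request bodies are constructed assumptions.

```javascript
// Added example, not flintcms code: a password-reset lookup hardened against
// MongoDB operator injection. Field names and token format are assumptions.
const TOKEN_RE = /^[0-9a-f]{64}$/; // assumed: 32 random bytes, hex-encoded

// Vulnerable shape: the request value is used as-is. A JSON body parser can
// deliver an object here, and an object inside a MongoDB filter is read as a
// query expression rather than as a literal token value, so the filter no
// longer pins the lookup to the one user who owns the token.
function buildResetFilterUnsafe(token, now = new Date()) {
  return { resetToken: token, resetTokenExpires: { $gt: now } };
}

// Hardened shape: only a string of the expected form reaches the filter, so
// the query can match at most the single document holding that exact token.
function buildResetFilterSafe(token, now = new Date()) {
  if (typeof token !== 'string' || !TOKEN_RE.test(token)) {
    throw new TypeError('invalid reset token');
  }
  return { resetToken: token, resetTokenExpires: { $gt: now } };
}

// Detection aid: true when a request field carries MongoDB operator keys
// ("$"-prefixed) at any depth. A legitimate reset form never sends these,
// so a hit is worth logging and alerting on.
function containsOperatorKeys(value) {
  if (value === null || typeof value !== 'object') return false;
  return Object.keys(value).some(
    (k) => k.startsWith('$') || containsOperatorKeys(value[k]),
  );
}

// Constructed sample request bodies, as a reset handler would see req.body.
const legitimateBody = { token: 'ab'.repeat(32), password: 'new-password' };
const malformedBody = { token: { $ne: '' }, password: 'new-password' };

// Safe path accepts the well-formed token; the malformed one is rejected
// before any database query is built.
function safeLookupOutcome(body) {
  try {
    return { ok: true, filter: buildResetFilterSafe(body.token) };
  } catch (err) {
    return { ok: false, reason: err.message };
  }
}
```

The unsafe builder passes the object straight through, which is exactly the behaviour the hardened builder's type and format checks remove.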

Remediation

Update to version 1.1.10 or later.

Advisory timeline

  1. Created: 2018-08-16T19:44:22.135Z
  2. Updated: 2018-08-31T18:18:49.240Z