From 6ca51405da097106dce80793d4ab8dea7b8ac5c0 Mon Sep 17 00:00:00 2001 From: xiaoheihei1107 <62200676+xiaoheihei1107@users.noreply.github.com> Date: Fri, 10 Sep 2021 14:35:36 +0800 Subject: [PATCH] Add CVE-2019-18818 --- Strapi/CVE-2019-18818/README.md | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 Strapi/CVE-2019-18818/README.md diff --git a/Strapi/CVE-2019-18818/README.md b/Strapi/CVE-2019-18818/README.md new file mode 100644 index 0000000..1e49676 --- /dev/null +++ b/Strapi/CVE-2019-18818/README.md @@ -0,0 +1,9 @@ +# Strapi 3.0.0 17.4 Password Reset (CVE-2019-18818) + +Strapi is an open source headless content management system (CMS), strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. + +FOFA **query rule**: [banner="X-Powered-By: Strapi "](https://fofa.so/result?qbase64=YmFubmVyPSJYLVBvd2VyZWQtQnk6IFN0cmFwaSA8c3RyYXBpLmlvPiI%3D) + +# Demo + +![Strapi_17_4_Password_Reset_CVE_2019_18818](Strapi_17_4_Password_Reset_CVE_2019_18818.gif)
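Review bot: The Demo section at the end of the new README embeds `Strapi_17_4_Password_Reset_CVE_2019_18818.gif`, but the diffstat lists only README.md (1 file changed, 9 insertions), so the image link will be broken unless the GIF is added in the same commit. The title "Strapi 3.0.0 17.4 Password Reset" also drops the "beta" that the description uses ("before 3.0.0-beta.17.5"); write the version the same way in both places. The description is a comma splice and would read better as two sentences ("... (CMS). Strapi before 3.0.0-beta.17.5 mishandles ..."). `# Demo` should be `## Demo` so the file keeps a single top-level heading. Since the text already names 3.0.0-beta.17.5 as the boundary, a line telling readers to upgrade to that version or later would make the entry usable for remediation as well.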