admin/GobyVuls
1
0
Fork 0
mirror of https://github.com/gobysec/GobyVuls.git synced 2025-06-20 09:50:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add CVE-2019-18818

Browse Source
This commit is contained in:
xiaoheihei1107 2021-09-10 14:35:36 +08:00 committed by GitHub
parent dd94f7ef3f
commit 6ca51405da
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 9 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
Strapi/CVE-2019-18818/README.md Normal file
View File

@ -0,0 +1,9 @@
# Strapi 3.0.0 17.4 Password Reset (CVE-2019-18818)
Strapi is an open source headless content management system (CMS), strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
FOFA **query rule**: [banner="X-Powered-By: Strapi <strapi.io>"](https://fofa.so/result?qbase64=YmFubmVyPSJYLVBvd2VyZWQtQnk6IFN0cmFwaSA8c3RyYXBpLmlvPiI%3D)
# Demo
![Strapi_17_4_Password_Reset_CVE_2019_18818](Strapi_17_4_Password_Reset_CVE_2019_18818.gif)