Add CVE-2019-18818

2025-06-20 09:50:49 +00:00 · 2021-09-10 14:35:36 +08:00 · 2021-09-10 14:35:36 +08:00 · 6ca51405da
commit 6ca51405da
parent dd94f7ef3f
1 changed files with 9 additions and 0 deletions
--- a/Strapi/CVE-2019-18818/README.md
+++ b/Strapi/CVE-2019-18818/README.md
@ -0,0 +1,9 @@
+# Strapi 3.0.0 17.4 Password Reset (CVE-2019-18818)
+
+Strapi is an open source headless content management system (CMS), strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
+
+FOFA **query rule**: [banner="X-Powered-By: Strapi <strapi.io>"](https://fofa.so/result?qbase64=YmFubmVyPSJYLVBvd2VyZWQtQnk6IFN0cmFwaSA8c3RyYXBpLmlvPiI%3D)
+
+# Demo
+
+![Strapi_17_4_Password_Reset_CVE_2019_18818](Strapi_17_4_Password_Reset_CVE_2019_18818.gif)