cve/2018/CVE-2018-3783.md

CVE-2018-3783

Description

A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset.

POC

Reference

• https://hackerone.com/reports/386807

Github

• https://github.com/0xT11/CVE-POC
• https://github.com/developer3000S/PoC-in-GitHub
• https://github.com/hectorgie/PoC-in-GitHub
• https://github.com/nisaruj/nosqli-flintcms
• https://github.com/ossf-cve-benchmark/CVE-2018-3783