mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-07 11:06:19 +00:00
CVE-2020-13961
Description
Strapi before 3.0.2 could allow a remote authenticated attacker to bypass security restrictions because templates are stored in a global variable without any sanitization. By sending a specially crafted request, an attacker could exploit this vulnerability to update the email template for both password reset and account confirmation emails.
POC
Reference
- https://github.com/strapi/strapi/pull/6599
- https://github.com/strapi/strapi/releases/tag/v3.0.2
Github
No PoCs found on GitHub currently.