692 matches found
Strapi Admin Panel Install and Uninstall Plugin Component Remote Code Execution Vulnerability
Strapi is an open source headless content management system CMS. install and Uninstall Plugin is one of the install and uninstall plugin . A remote code execution vulnerability exists in the Install and Uninstall Plugin component of the Admin panel in Strapi, which stems from the program's failur...
OS Command Injection
strapi is vulnerable to OS Command Injection. The vulnerability exists as it does not sanitize nor validate plugin names in installPlugin and uninstallPlugin...
Command Injection
Overview Versions of strapi before 3.0.0-beta.17.8 are vulnerable to Command Injection. The package fails to sanitize plugin names in the /admin/plugins/install/ route. This may allow an authenticated attacker with admin privileges to run arbitrary commands in the server. Recommendation Upgrade t...
Strapi allows unauthenticated attacker to reset admin password without valid reset token
Versions of strapi prior to 3.0.0-beta.17.5 are vulnerable to Privilege Escalation. The password reset routes allows an unauthenticated attacker to reset an admin's password without providing a valid password reset token. Recommendation Upgrade to version 3.0.0-beta.17.5 or later...
GHSA-6XC2-MJ39-Q599 Strapi allows unauthenticated attacker to reset admin password without valid reset token
Versions of strapi prior to 3.0.0-beta.17.5 are vulnerable to Privilege Escalation. The password reset routes allows an unauthenticated attacker to reset an admin's password without providing a valid password reset token. Recommendation Upgrade to version 3.0.0-beta.17.5 or later...
Privilege Escalation
Overview Versions of strapi prior to 3.0.0-beta.17.5 are vulnerable to Privilege Escalation. The password reset routes allows an unauthenticated attacker to reset an admin's password without providing a valid password reset token. Recommendation Upgrade to version 3.0.0-beta.17.5 or later...
Privilege Escalation
strapi is vulnerable to privilege escalation. The password reset function allows an attacker to reset any user's password and gain access to the application...
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...
Default credentials
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...
CVE-2019-18818
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...
CVE-2019-18818
The CVE-2019-18818 vulnerability affects Strapi CMS versions up to 3.0.0-beta.17.5, caused by a mishandling of password resets in admin/Auth.js and users-permissions/Auth.js. This leads to an unauthenticated admin password reset and privilege escalation, enabling unauthorized admin access. Remedi...