Lucene search
+L

692 matches found

cnvd
cnvd
added 2019/12/05 12:0 a.m.5 views

Strapi Admin Panel Install and Uninstall Plugin Component Remote Code Execution Vulnerability

Strapi is an open source headless content management system CMS. install and Uninstall Plugin is one of the install and uninstall plugin . A remote code execution vulnerability exists in the Install and Uninstall Plugin component of the Admin panel in Strapi, which stems from the program's failur...

9CVSS8.7AI score0.54081EPSS
Exploits11References1
veracode
veracode
added 2019/12/04 1:8 a.m.21 views

OS Command Injection

strapi is vulnerable to OS Command Injection. The vulnerability exists as it does not sanitize nor validate plugin names in installPlugin and uninstallPlugin...

7.2CVSS2.7AI score0.54081EPSS
Exploits11References6Affected Software1
nodejs
nodejs
added 2019/12/03 6:26 p.m.14 views

Command Injection

Overview Versions of strapi before 3.0.0-beta.17.8 are vulnerable to Command Injection. The package fails to sanitize plugin names in the /admin/plugins/install/ route. This may allow an authenticated attacker with admin privileges to run arbitrary commands in the server. Recommendation Upgrade t...

7.1AI score
Exploits0Affected Software1
github
github
added 2019/12/02 6:20 p.m.411 views

Strapi allows unauthenticated attacker to reset admin password without valid reset token

Versions of strapi prior to 3.0.0-beta.17.5 are vulnerable to Privilege Escalation. The password reset routes allows an unauthenticated attacker to reset an admin's password without providing a valid password reset token. Recommendation Upgrade to version 3.0.0-beta.17.5 or later...

9.8CVSS5.4AI score0.97639EPSS
Exploits13References9Affected Software1
osv
osv
added 2019/12/02 6:20 p.m.35 views

GHSA-6XC2-MJ39-Q599 Strapi allows unauthenticated attacker to reset admin password without valid reset token

Versions of strapi prior to 3.0.0-beta.17.5 are vulnerable to Privilege Escalation. The password reset routes allows an unauthenticated attacker to reset an admin's password without providing a valid password reset token. Recommendation Upgrade to version 3.0.0-beta.17.5 or later...

9.8CVSS9.5AI score0.97639EPSS
Exploits13References9
nodejs
nodejs
added 2019/11/08 6:29 p.m.40 views

Privilege Escalation

Overview Versions of strapi prior to 3.0.0-beta.17.5 are vulnerable to Privilege Escalation. The password reset routes allows an unauthenticated attacker to reset an admin's password without providing a valid password reset token. Recommendation Upgrade to version 3.0.0-beta.17.5 or later...

5CVSS9.5AI score0.97639EPSS
Exploits13Affected Software1
veracode
veracode
added 2019/11/08 7:10 a.m.28 views

Privilege Escalation

strapi is vulnerable to privilege escalation. The password reset function allows an attacker to reset any user's password and gain access to the application...

9.8CVSS4.6AI score0.97639EPSS
Exploits13References6Affected Software1
nvd
nvd
added 2019/11/07 10:15 p.m.17 views

CVE-2019-18818

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...

9.8CVSS9.6AI score0.97639EPSS
Exploits13References6
osv
osv
added 2019/11/07 10:15 p.m.23 views

CVE-2019-18818

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...

9.8CVSS6.9AI score
Exploits0References6
prion
prion
added 2019/11/07 10:15 p.m.22 views

Default credentials

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...

7.5CVSS9.5AI score0.97639EPSS
Exploits13References6Affected Software1
cvelist
cvelist
added 2019/11/07 9:2 p.m.27 views

CVE-2019-18818

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...

9.6AI score0.97639EPSS
Exploits13References6
cve
cve
added 2019/11/07 9:2 p.m.425 views

CVE-2019-18818

The CVE-2019-18818 vulnerability affects Strapi CMS versions up to 3.0.0-beta.17.5, caused by a mishandling of password resets in admin/Auth.js and users-permissions/Auth.js. This leads to an unauthenticated admin password reset and privilege escalation, enabling unauthorized admin access. Remedi...

9.8CVSS9.3AI score0.97639EPSS
In wildExploits13References6Affected Software1
Rows per page
Query Builder