CVE-2022-1670

When generating a user invitation code in Octopus Server, the validity of this code can be set for a specific number of users. It was possible to bypass this restriction of validity to create extra user accounts above the initial number of invited users...

Caught on the web of any user of the password reset vulnerability-vulnerability warning-the black bar safety net

Phone reset password password reset operation is not associated with a specific phone number, the lead can be reset to any phone registration account password. 1. The following url returns a result, you can traverse all the mobile phones registered account: http://api1.fun.tv/ajax/getmobilevcode/...