Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 10:18 a.m.11 views

CVE-2019-18818

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...

9.8CVSS7AI score0.97639EPSS
Exploits13References1
Metasploit
Metasploit
added 2024/11/21 6:54 p.m.386 views

Strapi CMS Unauthenticated Password Reset

This module abuses the mishandling of a password reset request for Strapi CMS version 3.0.0-beta.17.4 to change the password of the admin user. Successfully tested against Strapi CMS version 3.0.0-beta.17.4. Module Options msf use auxiliary/scanner/http/strapi3passwordreset msf...

9.8CVSS8.4AI score0.97639EPSS
Exploits13
Circl
Circl
added 2022/06/18 10:22 a.m.204 views

CVE-2019-18818

creationtimestamp| type| source ---|---|--- 2022-06-18 10:22:36+00:00| published-proof-of-concept| https://t.me/arm1tage/129 2024-02-05 16:16:29+00:00| seen| https://t.me/ctinow/179297 2024-11-14 06:10:00+00:00| seen| MISP/e95bd878-d7d0-432b-98eb-5357f4615dad 2024-11-21 12:42:37+00:00| seen|...

9.8CVSS7.3AI score0.97639EPSS
In wildExploits13References6
Packet Storm
Packet Storm
added 2021/08/31 12:0 a.m.173 views

Strapi 3.0.0-beta Authentication Bypass

Exploit Title: Strapi 3.0.0-beta - Set Password Unauthenticated Date: 2021-08-29 Exploit Author: David Anglada CodiObert Vendor Homepage: https://strapi.io/ Version: 3.0.0-beta Tested on: Linux CVE: CVE-2019-18818 !/usr/bin/python import requests import sys import json userEmail = "[email protected]...

9.8CVSS0.7AI score0.97639EPSS
Exploits13
0day.today
0day.today
added 2021/08/30 12:0 a.m.335 views

Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (Unauthenticated) Exploit

Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-18818, CVE-2019-19609...

9.8CVSS0.2AI score0.97639EPSS
Exploits21
Packet Storm
Packet Storm
added 2021/08/30 12:0 a.m.343 views

Strapi CMS 3.0.0-beta.17.4 Remote Code Execution

Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Date: 2021-08-30 Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-1881...

9.8CVSS8.4AI score0.97639EPSS
Exploits21
Exploit DB
Exploit DB
added 2021/08/30 12:0 a.m.1424 views

Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution (RCE) (Unauthenticated)

Exploit Title: Strapi CMS 3.0.0-beta.17.4 - Remote Code Execution RCE Unauthenticated Date: 2021-08-30 Exploit Author: Musyoka Ian Vendor Homepage: https://strapi.io/ Software Link: https://strapi.io/ Version: Strapi CMS version 3.0.0-beta.17.4 or lower Tested on: Ubuntu 20.04 CVE : CVE-2019-1881...

9.8CVSS8.4AI score0.97639EPSS
Exploits21
Exploit DB
Exploit DB
added 2021/08/30 12:0 a.m.299 views

Strapi 3.0.0-beta - Set Password (Unauthenticated)

Exploit Title: Strapi 3.0.0-beta - Set Password Unauthenticated Date: 2021-08-29 Exploit Author: David Anglada CodiObert Vendor Homepage: https://strapi.io/ Version: 3.0.0-beta Tested on: Linux CVE: CVE-2019-18818 !/usr/bin/python import requests import sys import json userEmail = "[email protected]...

9.8CVSS9.5AI score0.97639EPSS
Exploits13
GithubExploit
GithubExploit
added 2021/08/29 11:30 p.m.116 views

Exploit for Weak Password Recovery Mechanism for Forgotten Password in Strapi

CVE-2019...

9.8CVSS1.3AI score0.97639EPSS
Exploits13
Node.js
Node.js
added 2019/11/08 6:29 p.m.39 views

Privilege Escalation

Overview Versions of strapi prior to 3.0.0-beta.17.5 are vulnerable to Privilege Escalation. The password reset routes allows an unauthenticated attacker to reset an admin's password without providing a valid password reset token. Recommendation Upgrade to version 3.0.0-beta.17.5 or later...

5CVSS9.5AI score0.97639EPSS
Exploits13Affected Software1
OSV
OSV
added 2019/11/07 10:15 p.m.23 views

CVE-2019-18818

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js...

9.8CVSS6.9AI score
Exploits0References6
Rows per page
Query Builder