Lucene search
K

6 matches found

Packet Storm
Packet Storm
added 2020/10/14 12:0 a.m.497 views

NodeBB Forum 1.14.2 Account Takeover

Exploit Title: NodeBB Forum 1.12.2-1.14.2 - Account Takeover Date: 2020-08-18 Exploit Author: Muhammed Eren Uygun Vendor Homepage: https://nodebb.org/ Software Link: https://github.com/NodeBB/NodeBB Version: 1.12.2-1.14.2 Tested on: Linux CVE : CVE-2020-15149 -...

6.5CVSS9.7AI score0.02434EPSS
Exploits2
Exploit DB
Exploit DB
added 2020/10/14 12:0 a.m.490 views

NodeBB Forum 1.12.2-1.14.2 - Account Takeover

Exploit Title: NodeBB Forum 1.12.2-1.14.2 - Account Takeover Date: 2020-08-18 Exploit Author: Muhammed Eren Uygun Vendor Homepage: https://nodebb.org/ Software Link: https://github.com/NodeBB/NodeBB Version: 1.12.2-1.14.2 Tested on: Linux CVE : CVE-2020-15149 -...

9.9CVSS9.7AI score0.02434EPSS
Exploits2
OSV
OSV
added 2020/08/20 1:17 a.m.27 views

CVE-2020-15149

NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. This could lead to a privilege escalation event due via an...

9.9CVSS7AI score0.02434EPSS
Exploits2References4
NVD
NVD
added 2020/08/20 1:17 a.m.36 views

CVE-2020-15149

NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. This could lead to a privilege escalation event due via an...

9.9CVSS9.6AI score0.02434EPSS
Exploits2References4
Cvelist
Cvelist
added 2020/08/19 5:50 p.m.37 views

CVE-2020-15149 Account takeover in NodeBB

NodeBB before version 1.14.3 has a bug introduced in version 1.12.2 in the validation logic that makes it possible to change the password of any user on a running NodeBB forum by sending a specially crafted socket.io call to the server. This could lead to a privilege escalation event due via an...

9.9CVSS9.6AI score0.02434EPSS
Exploits2References4
CVE
CVE
added 2020/08/19 5:50 p.m.87 views

CVE-2020-15149

NodeBB is affected by CVE-2020-15149 where a bug in the validation logic introduced in 1.12.2 allows changing the password of any user via a crafted socket.io call, enabling privilege escalation/account takeover on running forums. The vulnerability affects NodeBB versions up to 1.14.2 (vulnerable...

9.9CVSS9.6AI score0.02434EPSS
Exploits2References4Affected Software1
Rows per page
Query Builder