4 matches found
CVE-2025-22144
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when t...
CVE-2025-22144 Account Takeover in NamelessMC
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when t...
CVE-2025-22144
NamelessMC (web software for Minecraft servers) contains a vulnerability where a user with admincp.core.emails or admincp.users.edit permissions can manually validate another user, causing reset_code to become empty and enabling password reset via the forgot_password endpoint. This can allow an a...
CVE-2025-22144 Account Takeover in NamelessMC
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved by email the reset code is NULL, but when t...