5 matches found
CVE-2022-27978
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...
CVE-2022-27978
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...
Cross-site request forgery (CSRF)
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...
CVE-2022-27978
Tooljet v1.6 does not properly handle missing values in the API, allowing attackers to arbitrarily reset passwords via a crafted HTTP request...
CVE-2022-27978
Tooljet (v1.6) is affected by an issue described as improper handling of missing values in the API, which enables an attacker to arbitrarily reset user passwords via a crafted HTTP request. The vulnerability is evidenced in CVE-2022-27978 and mapped to a CVSS v3.1 base score of 7.5 (HIGH) with NE...