← back
CVE-2022-23079

motoradmin - host header Injection in the reset password functionality

EPSS 1.3%CWE-116
In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim.
Affected products
motor-admin · motor-admin

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/motor-admin/motor-admin/commit/a461b7507940a1fa062836daa89c82404fe3ecf9https://www.mend.io/vulnerability-database/CVE-2022-23079