← volver
CVE-2022-23079

motoradmin - host header Injection in the reset password functionality

EPSS 1.3%CWE-116
In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim.
Productos afectados
motor-admin · motor-admin

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/motor-admin/motor-admin/commit/a461b7507940a1fa062836daa89c82404fe3ecf9https://www.mend.io/vulnerability-database/CVE-2022-23079