GHSA-rp7f-fhm8-9hpf, CVE-2022-33012
packagist/microweber/microweber
Account Takeover Through Password Reset Poisoning
Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.
All versions up to 1.2.15
Unfortunately, there is no solution available yet.
2022-11-23
source |