CVE-2022-33012
Account Takeover Through Password Reset Poisoning in packagist/microweber/microweber
Identifiers
GHSA-rp7f-fhm8-9hpf, CVE-2022-33012
Package Slug
packagist/microweber/microweber
Vulnerability
Account Takeover Through Password Reset Poisoning
Description
Microweber v1.2.15 was discovered to allow attackers to perform an account takeover via a host header injection attack.
Affected Versions
All versions up to 1.2.15
Solution
Unfortunately, there is no solution available yet.
Last Modified
2022-11-23
| source |