CVE-2022-29933

HIGH Year: 2022
CVSS v3 Score
8.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-640
View all →

Vulnerability Description

Craft CMS through 3.7.36 allows a remote unauthenticated attacker, who knows at least one valid username, to reset the account's password and take over the account by providing a crafted HTTP header to the application while using the password reset functionality. Specifically, the attacker must send X-Forwarded-Host to the /index.php?p=admin/actions/users/send-password-reset-email URI. NOTE: the vendor's position is that a customer can already work around this by adjusting the configuration (i.e., by not using the default configuration).

Related Vulnerabilities

CVE-2017-12850

HIGH
CVSS:8.8(High)

An authenticated standard user could reset the password of other users (including the admin) by altering form data. Affects kanboard before 1.0.46.

CWE-6402017

CVE-2017-12851

HIGH
CVSS:8.8(High)

An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46.

CWE-6402017

CVE-2017-7615

HIGH
CVSS:8.8(High)

MantisBT through 2.3.0 allows arbitrary password reset and unauthenticated admin access via an empty confirm_hash value to verify.php.

CWE-6402017

CVE-2018-0787

HIGH
CVSS:8.8(High)

ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how web applications that are created from templates validate web requests, aka "ASP.NET Core Elevation Of Privilege...

CWE-6402018

CVE-2018-11134

HIGH
CVSS:8.8(High)

In order to perform actions that requires higher privileges, the Quest KACE System Management Appliance 8.0.318 relies on a message queue managed that runs with root privileges and only allows a set o...

CWE-6402018

CVE-2018-17401

HIGH
CVSS:8.8(High)

The PhonePe wallet (aka com.PhonePe.app) application 3.0.6 through 3.3.26 for Android might allow attackers to perform Account Takeover attacks by exploiting its Forgot Password feature. NOTE: the ven...

CWE-6402018