Vulnerabilities

CVE-2024-28270

by Fred · 08/04/2024

An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword.

More information : https://github.com/bcvgh/web-flash-Broken-Access-Control-vulnerability/

Similar

Tags: Cybersecurity Alert