Craft CMS 3.7.36 Password Reset Poisoning Attack

Discussion in 'News Aggregator' started by Packet Storm, 7 May 2022.

  1. Packet Storm

    Packet Storm Guest

    Craft CMS version 3.7.36 suffers from a password reset poisoning vulnerability. An unauthenticated attacker who knows valid email addresses or account names of Craft CMS backend users is able to manipulate the password reset functionality in a way that the registered users of the CMS receive password reset emails containing a malicious password reset link.
