flintcms@1.1.9 vulnerabilities
Content-Focused CMS built on Node.js
-
latest version
1.1.11
-
latest non vulnerable version
-
first published
7 years ago
-
latest version published
5 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the flintcms package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
flintcms is a CMS built to be easy to use and super flexible. Affected versions of this package are vulnerable to Privilege Escalation due to lack of user input sanitization in the route that verifies the password reset token. The value from the parameter is directly sent to the Mongoose API which allows a user to insert MongoDB query operators. These operators can be used to extract the value of the field blindly in the same manner of a blind SQL injection. How to fix Privilege Escalation? Upgrade |
<1.1.10
|
flintcms is a CMS built to be easy to use and super flexible. Affected versions of this package are vulnerable to Privilege Escalation due to lack of user input sanitization in the route that verifies the password reset token. The value from the parameter is directly sent to the Mongoose API which allows a user to insert MongoDB query operators. These operators can be used to extract the value of the field blindly in the same manner of a blind SQL injection. How to fix Privilege Escalation? Upgrade |
<1.1.10
|