VDB-283888 | CrushFTP up to 10.8.2/11.2.2 Reset Email password recovery

Inserito da Angelo Barbosa | Nov 11, 2024 | CVE

A vulnerability classified as problematic was found in CrushFTP up to 10.8.2/11.2.2. This vulnerability affects unknown code of the component Reset Email Handler. The manipulation leads to weak password recovery.

The attack needs to be done within the local network. There is no exploit available.

It is recommended to upgrade the affected component.

VDB-283888 | CrushFTP up to 10.8.2/11.2.2 Reset Email password recovery

Post correlati

CVE-2023-50343 | HCL DRYiCE MyXalytics 5.9/6.0/6.1 API Endpoint access control (KB0109608)

CVE-2024-3368 | All in One SEO Plugin up to 4.6.1.0 on WordPress Post Field cross site scripting

CVE-2024-35727 | actpro Extra Product Options for WooCommerce Plugin up to 3.0.6 on WordPress authorization

CVE-2023-6687 | Elastic Agent up to 7.17.15/8.11.2 HTTP Status Code log file