CVE-2018-3783

CRITICAL LAB

Flintcms < 1.1.9 - SQL Injection

Title source: rule

Description

A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset.

Exploits (1)

nomisec WORKING POC 4 stars
by nisaruj · poc
https://github.com/nisaruj/nosqli-flintcms

References (1)

Scores

CVSS v3 9.8
EPSS 0.0333
EPSS Percentile 87.3%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Lab Environment

COMMUNITY
Community Lab
docker pull mongo:4.2.23

Details

CWE
CWE-89
Status published
Products (2)
flintcms/flintcms < 1.1.9
npm/flintcms 0 - 1.1.10npm
Published Aug 17, 2018
Tracked Since Feb 18, 2026