CVE-2019-18818
CRITICAL EXPLOITED NUCLEI
Strapi CMS Unauthenticated Password Reset
Title source: metasploit
Exploitation Summary
CVE-2019-18818 has been observed exploited in the wild (reported by VulnCheck KEV).
EIP tracks 10 public exploits from researchers including WackyH4cker, David Anglada, and guglia001, among them the Metasploit module auxiliary/scanner/http/strapi_3_password_reset.
A Nuclei detection template is also available.
AI-analyzed exploit summary
This Metasploit module exploits an unauthenticated password reset vulnerability in Strapi CMS 3.0.0-beta.17.4 by sending a crafted JSON payload to the reset-password endpoint, allowing an attacker to change the admin password.
Description
strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.
Exploits (10)
This Metasploit module exploits an unauthenticated password reset vulnerability in Strapi CMS 3.0.0-beta.17.4 by sending a crafted JSON payload to the reset-password endpoint, allowing an attacker to change the admin password.
This exploit targets Strapi 3.0.0-beta and 3.0.0-alpha by leveraging an unauthenticated password reset vulnerability (CVE-2019-18818). It sends a password reset request and sets a new password without requiring authentication.
This PoC exploits an authentication bypass vulnerability in Strapi CMS by sending a password reset request with an empty code object, allowing an attacker to reset the admin password without proper validation. The exploit leverages a flawed password reset mechanism in Strapi versions <= 3.0.0-beta.
This repository contains a functional Python exploit for CVE-2019-18818 (password reset bypass) and CVE-2019-19609 (RCE via plugin installation) in Strapi CMS. The script resets the admin password and executes a reverse shell payload.
This repository contains a functional exploit script that chains CVE-2019-18818 and CVE-2019-19609 to achieve unauthenticated remote code execution in Strapi CMS. The exploit first resets an admin password to obtain a JWT token, then uses it to install a malicious plugin that triggers a reverse shell.
This repository contains a functional exploit for CVE-2019-18818, targeting Strapi CMS versions 3.0.0-beta.17.7 and earlier. The exploit chains a password reset vulnerability with an authenticated RCE to achieve a reverse shell.
This repository contains a functional exploit for CVE-2019-18818, which targets a password reset vulnerability in Strapi CMS. The exploit sends a password reset request and sets a new password without proper validation, allowing an attacker to take over an admin account.
This repository contains a functional exploit for Strapi CMS 3.0.0-beta.17.4, chaining CVE-2019-18818 (weak password recovery) and CVE-2019-19609 (command injection) to achieve unauthenticated remote code execution via a reverse shell.
This exploit targets CVE-2019-18818, an authentication bypass vulnerability in Strapi CMS versions 3.0.0-beta and 3.0.0-alpha. It resets the password of a specified user by exploiting a weak password reset mechanism, allowing unauthorized access.
This Metasploit module exploits CVE-2019-18818, an unauthenticated password reset vulnerability in Strapi CMS versions up to 3.0.0-beta.17.4. It abuses a mishandled password reset request to change the admin password by sending a crafted JSON payload.
Nuclei Templates (1)
References (6)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H