Raytha CMS allows an attacker to spoof `X-Forwarded-Host` or `Host` headers to attacker controlled domain. The attacker (who knows the victim's email address) can force the server to send an email with password reset link pointing to the domain from spoofed header. When victim clicks the link, browser sends request to the attacker’s domain with the token in the path allowing the attacker to capture the token. This allows the attacker to reset victim's password and take over the victim's account. This issue was fixed in version 1.4.6.
oryginał ENCVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:XRaytha
APPRaytha< 1.4.6
Powiązane podatności
"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to applicat...
Raytha CMS is vulnerable to Stored XSS via FieldValues[1].Value parameter in post editing functionality. Authe...
Raytha CMS is vulnerable to Stored XSS via FieldValues[0].Value parameter in page creation functionality. Auth...
Raytha CMS is vulnerable to Cross-Site Request Forgery across multiple endpoints. Attacker can craft special w...
Raytha CMS is vulnerable to Server-Side Request Forgery in the “Themes - Import from URL” feature. It allows a...