CVE-2019-18818: CVE-2019-18818

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2019-18818

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

strapi before 3.0.0-beta.17.5 mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

strapi 授权问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

strapi是一套开源的无头内容管理系统（CMS）。 strapi 3.0.0-beta.17.5之前版本中存在安全漏洞，该漏洞源于程序没有正确处理packages/strapi-admin/controllers/Auth.js和packages/strapi-plugin-users-permissions/controllers/Auth.js文件中的密码重置。目前尚无此漏洞的相关信息，请随时关注CNNVD或厂商公告。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	n/a	n/a	-

II. Public POCs for CVE-2019-18818

#	POC Description	Source Link	Shenlong Link
1	None	https://github.com/guglia001/CVE-2019-18818	POC Details
2	None	https://github.com/rasyidfox/CVE-2019-18818	POC Details
3	CVE-2019-18818/19606 Strapi RCE	https://github.com/hadrian3689/strapi_cms_3.0.0-beta.17.7	POC Details
4	Exploit script showcasing a mixture of CVE-2019-18818 and CVE-2019-19609 for unauthenticated remote code execution in Strapi CMS.	https://github.com/Hackhoven/Strapi-RCE	POC Details
5	This repository contains a Python script to exploit two vulnerabilities: CVE-2019-18818 and CVE-2019-19609.	https://github.com/abelsrzz/CVE-2019-18818_CVE-2019-19609	POC Details
6	strapi CMS before 3.0.0-beta.17.5 allows admin password resets because it mishandles password resets within packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2019/CVE-2019-18818.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2019-18818

Please Login to view more intelligence information

http://packetstormsecurity.com/files/163939/Strapi-3.0.0-beta-Authentication-Bypass.htmlx_refsource_MISC
http://packetstormsecurity.com/files/165896/Strapi-CMS-3.0.0-beta.17.4-Privilege-Escalation.htmlx_refsource_MISC
http://packetstormsecurity.com/files/163950/Strapi-CMS-3.0.0-beta.17.4-Remote-Code-Execution.htmlx_refsource_MISC
https://github.com/strapi/strapi/pull/4443x_refsource_MISC
https://github.com/strapi/strapi/releases/tag/v3.0.0-beta.17.5x_refsource_MISC
https://www.npmjs.com/advisories/1311x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2019-18818

New Vulnerabilities

Product: n/a

Vendor: n/a

V. Comments for CVE-2019-18818

No comments yet

Support Us — Your donation helps us keep running

I. Basic Information for CVE-2019-18818

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2019-18818

III. Intelligence Information for CVE-2019-18818

New Vulnerabilities

V. Comments for CVE-2019-18818

Leave a comment