module
Strapi CMS Unauthenticated Password Reset
Disclosed | Created |
---|---|
Feb 9, 2022 | Nov 21, 2024 |
Disclosed
Feb 9, 2022
Created
Nov 21, 2024
Description
This module abuses the mishandling of a password reset request for
Strapi CMS version 3.0.0-beta.17.4 to change the password of the admin user.
Successfully tested against Strapi CMS version 3.0.0-beta.17.4.
Strapi CMS version 3.0.0-beta.17.4 to change the password of the admin user.
Successfully tested against Strapi CMS version 3.0.0-beta.17.4.
Authors
WackyH4cker
h00die
h00die
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.