CVE-2024-28270
Published
CVSS v3
8.1
HIGH
CVSS v2
N/A
Affected
1
PROJECT
Description
An issue discovered in web-flash v3.0 allows attackers to reset passwords for arbitrary users via crafted POST request to /prod-api/user/resetPassword.
web-flash v3.0 Broken Access Control vulnerability
GitHub