CVE-2022-23079

Summary

In motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality where malicious actor can send fake password reset email to arbitrary victim.

Affected Software

VendorProductVersion RangeStatus
motor-adminmotor-admin0.0.1 < unspecifiedaffected
motor-adminmotor-adminunspecified <= 0.2.56affected

Weaknesses

  • CWE-116: CWE-116 Improper Encoding or Escaping of Output

ADP Enrichment

CVE Program Container

Additional References

References