Vulnerability Details CVE-2022-23079
motor-admin versions 0.0.1 through 0.2.56 are vulnerable to host header injection in the password reset functionality, where a malicious actor can send a fake password reset email to an arbitrary victim.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.0%
CVSS Severity
CVSS v2 Score 6.8
Products affected by CVE-2022-23079
- cpe:2.3:a:getmotoradmin:motor_admin:0.0.1
- cpe:2.3:a:getmotoradmin:motor_admin:0.0.2
- cpe:2.3:a:getmotoradmin:motor_admin:0.0.3
- cpe:2.3:a:getmotoradmin:motor_admin:0.0.4
- cpe:2.3:a:getmotoradmin:motor_admin:0.0.5
- cpe:2.3:a:getmotoradmin:motor_admin:0.2.16
- cpe:2.3:a:getmotoradmin:motor_admin:0.2.17
- cpe:2.3:a:getmotoradmin:motor_admin:0.2.18
- cpe:2.3:a:getmotoradmin:motor_admin:0.2.19
- cpe:2.3:a:getmotoradmin:motor_admin:0.2.21
- cpe:2.3:a:getmotoradmin:motor_admin:0.2.23
- cpe:2.3:a:getmotoradmin:motor_admin:0.2.24
- cpe:2.3:a:getmotoradmin:motor_admin:0.2.25
- cpe:2.3:a:getmotoradmin:motor_admin:0.2.26
- cpe:2.3:a:getmotoradmin:motor_admin:0.2.31
- cpe:2.3:a:getmotoradmin:motor_admin:0.2.33
- cpe:2.3:a:getmotoradmin:motor_admin:0.2.35
- cpe:2.3:a:getmotoradmin:motor_admin:0.2.38
- cpe:2.3:a:getmotoradmin:motor_admin:0.2.49
- cpe:2.3:a:getmotoradmin:motor_admin:0.2.51
- cpe:2.3:a:getmotoradmin:motor_admin:0.2.56