CVE-2022-30358
- Reference to the description:
- Description:
- OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required.
- Last updated date:
- 10/31/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 10/31/2024
- Reference url to background
https://cve.offsecguy.com/ovaledge/vulnerabilities/account-takeover#cve-2022-30358