A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected