Security for everyone

CVE-2019-18818 Scanner

Detects 'Unauthenticated Admin Password Reset' vulnerability in Strapi affects v. before 3.0.0-beta.17.5.


Short Info




Single Scan

Can be used by

Asset Owner

Estimated Time

10 sec

Scan only one

Domain, Ipv4

Parent Category

CVE-2019-18818 Scanner Detail

Strapi is an open-source headless CMS (Content Management System) which is used for the development of serverless CMS-based web applications. Developers use Strapi for creating their own personalized content management system. It is easy to use, highly customizable, and efficient. The platform uses APIs to let businesses build custom solutions and deliver personalized user experiences.

CVE-2019-18818 is a vulnerability that was detected in Strapi before 3.0.0-beta.17.5. The vulnerability is related to password resets in packages/strapi-admin/controllers/Auth.js and packages/strapi-plugin-users-permissions/controllers/Auth.js. Simply put, in outdated versions of Strapi, these controllers mishandled password resets and failed to securely carry out the operation. As a result, they have opened up an issue of concern.

When exploited, the CVE-2019-18818 vulnerability in Strapi can lead to the takeover of user accounts, giving malicious hackers access to confidential or personal data. By gaining access via password resets, unauthorized personnel can potentially perform any action permitted to the user, and thus potentially causing great harm. This vulnerability creates an opportunity for cybercriminals to launch various attacks including, spear-phishing, credentials stealing, identity theft and data breaches.

In conclusion, Security For Everyone offers a vital platform for organizations or individuals to discover potential vulnerabilities in their digital assets easily and quickly. By subscribing to the pro features of this platform, customers can stay ahead of cybercriminals and mitigate the risk of loss of confidential or personal data. Stay safe by being proactive on digital asset security.



cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.
Try it yourself,
control security posture