A privilege escalation detected in flintcms versions <= 1.1.9 allows account takeover due to blind MongoDB injection in password reset.
[
{
"product": "flintcms",
"vendor": "https://github.com/JasonEtco",
"versions": [
{
"status": "affected",
"version": "1.1.10"
}
]
}
]