Weak password reset token leads to account takeover in SeedDMS – My First CVE – CVE-2022-44938
Hi Everyone, recently I’ve discovered vulnerability in SeedDMS engine which could let attacker to takeover any account (Including Administrator). Without further wasting your time let’s dive into the details.