A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Sun, 13 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00106}

epss

{'score': 0.00115}


Thu, 26 Sep 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Lpc
Lpc lines Police Cad
Weaknesses CWE-601
CPEs cpe:2.3:a:lpc:lines_police_cad:1.0:*:*:*:*:*:*:*
Vendors & Products Lpc
Lpc lines Police Cad
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 26 Sep 2024 16:45:00 +0000

Type Values Removed Values Added
Description A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts.
References

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-09-26T18:24:26.757Z

Reserved: 2024-09-11T00:00:00

Link: CVE-2024-45979

cve-icon Vulnrichment

Updated: 2024-09-26T18:22:35.776Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-26T17:15:03.813

Modified: 2024-09-30T12:46:20.237

Link: CVE-2024-45979

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.