A SQL injection vulnerability exists in Rocket.Chat <v3.18.6, <v4.4.4 and <v4.7.3 which can allow an malicious user to retrieve a reset password token through or a 2fa secret.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
rocket.chat rocket.chat |