CVE-2022-27978 Information

Description

Tooljet v1.6 does not properly handle missing values in the API allowing attackers to arbitrarily reset passwords via a crafted HTTP request.

Reference

http://tooljet.com https://github.com/fourcube/security-advisories/blob/main/security-advisories/20220320-tooljet.md