Vulnerabilities > Ctfd

DATE	CVE	VULNERABILITY TITLE	RISK
2020-04-01	CVE-2020-5290	Session Fixation vulnerability in Ctfd Rctf In RedpwnCTF before version 2.3, there is a session fixation vulnerability in exploitable through the `#token=$ssid` hash when making a request to the `/verify` endpoint. network low complexity ctfd CWE-384	6.5
2020-01-23	CVE-2020-7245	Weak Password Recovery Mechanism for Forgotten Password vulnerability in Ctfd Incorrect username validation in the registration process of CTFd v2.0.0 - v2.2.2 allows an attacker to take over an arbitrary account if the username is known and emails are enabled on the CTFd instance. network low complexity ctfd CWE-640 critical	9.8

Vulnerabilities > Ctfd {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Ctfd"}]}