
Snipe-IT has a serious exploitable bug triggered by sending password reset email requests.

by Sriram Parisa
Snipe-IT allows attackers to send crafted Host headers to the system's password reset request functionality.

Every organization relies on a database application to store and retrieve the information it uses day to day. In many cases that application is also expected to let users track inventory and asset usage. Snipe-IT is such software: an open-source inventory, asset and license management system that is web-based and written primarily in the PHP scripting language on top of a SQL database.

Being among the most widely used software of its kind also makes it among the most targeted. Its developers state that they have patched a critical vulnerability in Snipe-IT that could be exploited to send users malicious password reset requests.


Snipe-IT is a cloud-capable, open-source asset management project. It is the most popular system of its kind, designed to replace the clunky and ineffective Excel spreadsheets often used for this purpose, and it accounts for roughly 3.4 million users and over 6.7 million managed assets.

The vulnerability is described as a host header injection bug. Such issues occur when the server handles the client-supplied Host header in an unsafe way, and they can lead to a range of problems including SQL injection, Server-Side Request Forgery, and web cache poisoning attacks.

Snipe-IT allowed attackers to send crafted Host headers to the password reset request functionality. When a targeted user then attempts to complete the password reset, the link in the email leads that Snipe-IT user to an attacker-controlled server.

The project's developers say this can be used to steal password reset tokens and could result in account hijacking.
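The mechanism described above, that a reset link built from whatever Host header the client sends ends up pointing at the attacker's server, and the defensive pattern that prevents it, can be shown in a few lines. The following Python is an added example written for this post; it is not Snipe-IT's code, and the configuration names (`APP_URL`, `ALLOWED_HOSTS`) and the `/password/reset` path are assumptions chosen for illustration.

```python
from urllib.parse import urlencode, urlsplit

# Constructed configuration for the example: the canonical public URL the
# operator sets at deploy time, and the hostnames this instance will answer to.
# (Assumed names; a real deployment reads these from its own config.)
APP_URL = "https://assets.example.com"
ALLOWED_HOSTS = {"assets.example.com"}


def build_reset_link_unsafe(request_headers: dict, token: str, email: str) -> str:
    """Vulnerable pattern: the link's origin is copied from the client-supplied
    Host header. A reset request carrying 'Host: attacker.example' therefore
    produces an email whose link hands the token to attacker.example."""
    host = request_headers.get("Host", "")
    query = urlencode({"token": token, "email": email})
    return f"https://{host}/password/reset?{query}"


def build_reset_link_safe(request_headers: dict, token: str, email: str) -> str:
    """Hardened pattern: reject any request whose Host is not on the allowlist,
    and build the link from the configured canonical URL rather than from
    anything in the request."""
    # Strip a port suffix and normalise case before comparing against the allowlist.
    host = request_headers.get("Host", "").split(":", 1)[0].lower()
    if host not in ALLOWED_HOSTS:
        raise ValueError(f"untrusted Host header: {host!r}")
    query = urlencode({"token": token, "email": email})
    return f"{APP_URL}/password/reset?{query}"


def link_origin(url: str) -> str:
    """Return scheme://host[:port] of a URL, i.e. where the reset token will be sent."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


if __name__ == "__main__":
    # Constructed sample requests: one legitimate, one with a crafted Host header.
    legit = {"Host": "assets.example.com"}
    crafted = {"Host": "attacker.example"}
    token, email = "constructed-token-123", "alice@example.com"

    print("unsafe, crafted Host ->", link_origin(build_reset_link_unsafe(crafted, token, email)))
    print("safe,   legit Host   ->", link_origin(build_reset_link_safe(legit, token, email)))
    try:
        build_reset_link_safe(crafted, token, email)
    except ValueError as exc:
        print("safe,   crafted Host -> rejected:", exc)
```

The same check must also cover headers such as `X-Forwarded-Host` if the application honours them behind a proxy: trust them only from a known proxy, and still compare the result against the allowlist. An allowlist check at the web server or framework level gives the same protection to every route, not just the password reset one.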
