Описание
GeniXCMS Arbitrary User Password Reset Vulnerability
forgotpassword.php in GeniXCMS lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.
Пакеты
Наименование
genix/cms
composer
Затронутые версииВерсия исправления
< 1.1.2
1.1.2
Связанные уязвимости
CVSS3: 9.1
nvd
больше 8 лет назад
forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.