Описание
forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.
Ссылки
- Issue TrackingPatchThird Party Advisory
- Issue TrackingPatchThird Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:genixcms:genixcms:1.0.2:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00457
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-287
Связанные уязвимости
CVSS3: 9.1
github
больше 3 лет назад
GeniXCMS Arbitrary User Password Reset Vulnerability
EPSS
Процентиль: 63%
0.00457
Низкий
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-287