CVE-2017-8827

Name of the Vulnerable Software and Affected Versions GeniXCMS version 1.0.2

Description The issue is related to the forgotpassword.php file, which lacks a rate limit. This might allow remote attackers to cause a denial of service, resulting in login inability, or possibly conduct Arbitrary User Password Reset attacks via a series of requests to the affected endpoint.

Recommendations For GeniXCMS version 1.0.2, consider implementing a rate limit on the forgotpassword.php file to prevent abuse and mitigate the risk of denial of service or Arbitrary User Password Reset attacks. As a temporary workaround, restrict access to the forgotpassword.php file until a proper rate limiting mechanism is in place.