PT-2017-18560 · Genix · Genixcms

Published

2017-05-08

Updated

2022-05-17

CVE-2017-8827

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions GeniXCMS version 1.0.2

Description The issue is related to the forgotpassword.php file, which lacks a rate limit. This might allow remote attackers to cause a denial of service, resulting in login inability, or possibly conduct Arbitrary User Password Reset attacks via a series of requests to the affected endpoint.

Recommendations For GeniXCMS version 1.0.2, consider implementing a rate limit on the forgotpassword.php file to prevent abuse and mitigate the risk of denial of service or Arbitrary User Password Reset attacks. As a temporary workaround, restrict access to the forgotpassword.php file until a proper rate limiting mechanism is in place.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2017-8827

GHSA-WM7G-RMGG-9837

Affected Products

Genixcms

PT-2017-18560 · Genix · Genixcms

CVE-2017-8827

Weakness Enumeration

Related Identifiers

Affected Products

References · 6