Unrestricted Password Reset and Denial of Service Vulnerability in GeniXCMS 1.0.2

CVE-2017-8827 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

forgotpassword.php in GeniXCMS 1.0.2 lacks a rate limit, which might allow remote attackers to cause a denial of service (login inability) or possibly conduct Arbitrary User Password Reset attacks via a series of requests.
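
As a mitigation sketch for the missing rate limit described above, the following added example (not GeniXCMS code) throttles password-reset requests per account and per client IP with a sliding window. The class name ResetThrottle, the limits, the window length and the in-memory store are assumptions; a deployment would keep the counters in shared storage and return the same response whether or not a request was throttled.

```php
<?php
// Added example: sliding-window throttle for a password-reset endpoint.
// ResetThrottle and its limits are hypothetical, not GeniXCMS code.
final class ResetThrottle
{
    /** @var array<string, int[]> request timestamps per key (in-memory for the demo) */
    private array $hits = [];

    public function __construct(
        private int $perAccount = 3,   // assumed limit per account per window
        private int $perIp = 10,       // assumed limit per client IP per window
        private int $window = 900      // window length in seconds
    ) {}

    /** Returns true if the reset request may proceed, and records it. */
    public function allow(string $account, string $ip, int $now): bool
    {
        // Normalise the account so "Admin" and "admin " share one bucket.
        $keys = [
            'acct:' . hash('sha256', strtolower(trim($account))) => $this->perAccount,
            'ip:' . $ip => $this->perIp,
        ];
        // Check every bucket before recording, so a refused request
        // does not consume quota in the other bucket.
        foreach ($keys as $key => $limit) {
            $this->hits[$key] = array_values(array_filter(
                $this->hits[$key] ?? [],
                fn (int $t): bool => $t > $now - $this->window
            ));
            if (count($this->hits[$key]) >= $limit) {
                return false;
            }
        }
        foreach (array_keys($keys) as $key) {
            $this->hits[$key][] = $now;
        }
        return true;
    }
}

// Constructed sample traffic: one client repeatedly requesting a reset for "admin".
$throttle = new ResetThrottle();
$t0 = 1700000000; // constructed timestamp
foreach ([0, 5, 10, 15, 20, 901] as $offset) {
    $ok = $throttle->allow('admin', '203.0.113.7', $t0 + $offset);
    printf("t+%4ds  %s\n", $offset, $ok ? 'send reset mail' : 'throttled');
}
```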