Hue Ghost CMS Theme for Podcasting 3.x.x rate limit

2020.12.10
Risk: Low
Local: No
Remote: Yes
CVE: 2020-29393
CWE: N/A

> An issue was discovered in Hue Ghost CMS Theme for Podcasting 3.x.x.
> There is no rate limit on the newsletter subscribe button.
> For example, an attacker who controls one email address can send a thousand subscription requests.
>
> ------------------------------------------
>
> [Additional Information]
> Affected Product link
> https://themeforest.net/item/hue-ghost-cms-theme-for-podcasting/25729319
> Vendor Link
> https://themeforest.net/user/aspirethemes
>
> Means I can use any one email and send them 1000 mails, affecting the status of the company.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> No rate Limit
>
> ------------------------------------------
>
> [Vendor of Product]
> aspirethemes
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Hue - Ghost CMS Theme for Podcasting. https://themeforest.net/item/hue-ghost-cms-theme-for-podcasting/25729319 - Ghost 3.x.x
>
> ------------------------------------------
>
> [Affected Component]
> User
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> There is no rate limit vulnerability on email subscribe
>
> ------------------------------------------
>
> [Reference]
> https://themeforest.net/item/hue-ghost-cms-theme-for-podcasting/25729319
> https://themeforest.net/user/aspirethemes
>
> ------------------------------------------
>
> [Discoverer]
> Aaryan Saharan
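
One server-side mitigation for the missing limit described in the advisory above, as an added example that is not part of the advisory, the theme, or Ghost: a sliding-window limiter keyed on the normalized email address and on the client IP. The names `SubscribeLimiter`, `allow` and `simulate`, the limits, and the sample address and IP are assumptions constructed for illustration.

```javascript
// Added example: sliding-window limiter for a newsletter subscribe handler.
// SubscribeLimiter, allow and simulate are hypothetical names, not Ghost or theme APIs.
class SubscribeLimiter {
  constructor({ perEmail = 1, perIp = 5, windowMs = 60 * 60 * 1000 } = {}) {
    this.perEmail = perEmail; // subscription mails per address per window
    this.perIp = perIp;       // accepted subscribe requests per client per window
    this.windowMs = windowMs;
    this.hits = new Map();    // key -> timestamps still inside the window
  }

  // Collapse case and surrounding whitespace so "A@x.test " and "a@x.test" share a bucket.
  static normalizeEmail(email) {
    return String(email).trim().toLowerCase();
  }

  // Drop expired timestamps for a key and return the ones still in the window.
  recent(key, now) {
    const kept = (this.hits.get(key) || []).filter((t) => now - t < this.windowMs);
    if (kept.length) this.hits.set(key, kept); else this.hits.delete(key);
    return kept;
  }

  // Returns { allowed, reason }. A hit is recorded only when the request is allowed.
  allow(email, ip, now = Date.now()) {
    const emailKey = 'email:' + SubscribeLimiter.normalizeEmail(email);
    const ipKey = 'ip:' + ip;
    const emailHits = this.recent(emailKey, now);
    const ipHits = this.recent(ipKey, now);
    if (emailHits.length >= this.perEmail) return { allowed: false, reason: 'email' };
    if (ipHits.length >= this.perIp) return { allowed: false, reason: 'ip' };
    this.hits.set(emailKey, [...emailHits, now]);
    this.hits.set(ipKey, [...ipHits, now]);
    return { allowed: true, reason: null };
  }
}

// Constructed scenario from the advisory: many subscribe requests for one address.
// Returns how many of them would actually trigger a subscription mail.
function simulate(limiter, count, email, ip, startMs = 0, stepMs = 10) {
  let sent = 0;
  for (let i = 0; i < count; i++) {
    if (limiter.allow(email, ip, startMs + i * stepMs).allowed) sent++;
  }
  return sent;
}
```

With several application instances the timestamp map would need to live in a shared store rather than in process memory.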



Copyright 2021, cxsecurity.com

 
