Improper Restriction of Power Consumption in microweber/microweber


Reported on

Oct 17th 2021


For comments when the captcha is enable, the attacker can send many spam comments only with first correct captcha code, this means attacker only one time enter the captcha and then can use it for many many times and make damage on availability of system.

We have contacted a member of the microweber team and are waiting to hear back 2 years ago
Peter Ivanov validated this vulnerability 2 years ago
amammad has been awarded the disclosure bounty
The fix bounty is now up for grabs
Peter Ivanov marked this as fixed with commit 33a8d4 2 years ago
Peter Ivanov has been awarded the fix bounty
This vulnerability will not receive a CVE
Peter Ivanov
2 years ago


Thanks, the issue has been fixed now

to join this conversation