Insufficient Granularity of Access Control in khodakhah/nodcms


Reported on

Sep 29th 2021


There is no rate limit sent unlimited email victim or any email address

Proof of Concept

There is no rate limit return-password , attacker to send unlimited email to victim or any email address.

POST /en/return-password HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:92.0) Gecko/20100101 Firefox/92.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 21
Connection: close
Cookie: ci_session=caa59553f10a9f15a8420e46308cc7a4d3582746

Post data email= parameter value to victim mail. this request unlimited time and victim email address will received unlimited verification email .


Attacker can sent unlimited email to any mail address .

We have contacted a member of the khodakhah/nodcms team and are waiting to hear back 2 years ago
khodakhah validated this vulnerability 2 years ago
Raptor has been awarded the disclosure bounty
The fix bounty is now up for grabs
khodakhah marked this as fixed with commit 858590 2 years ago
The fix bounty has been dropped
This vulnerability will not receive a CVE
Users.php#L191-L217 has been validated
to join this conversation