CVE-2024-48176

CRITICAL

9.8

Beschreibung

Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of login attempts, and the verification code will not be refreshed after a failed login, which allows attackers to blast the username and password and log into the system backend.

CVE Details

CVSS v3.1 Bewertung9.8

SchweregradCRITICAL

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionNONE

Veroffentlicht11/5/2024

Zuletzt geandert5/1/2025

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

lylme:lylme_spage

Schwachen (CWE)

CWE-863

Referenzen

https://gist.github.com/Gryffinbit/c0b37c6caae4844d4f59368e454d3e46(cve@mitre.org)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.