CVE-2024-48176

CRITICAL

9.8

Description

Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of login attempts, and the verification code will not be refreshed after a failed login, which allows attackers to blast the username and password and log into the system backend.

CVE Details

CVSS v3.1 Score9.8

SeverityCRITICAL

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionNONE

Published11/5/2024

Last Modified5/1/2025

Sourcenvd

Honeypot Sightings0

Affected Products

lylme:lylme_spage

Weaknesses (CWE)

CWE-863

References

https://gist.github.com/Gryffinbit/c0b37c6caae4844d4f59368e454d3e46(cve@mitre.org)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.