CVE-2024-50858

High CVSS: 8.8

Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration.

Vendor

Gestioip

Product

Gestioip

CWE

CWE-352

Yayın Tarihi

2025-01-14 22:15:27

Güncelleme

2025-06-06 15:40:47

Source Identifier

cve@mitre.org

KEV Date Added

Kategoriler

CWE-352 Gestioip HIGH Gestioip 2025

Referanslar

http://www.gestioip.net https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50858 https://github.com/muebel/gestioip-docker-compose

Benzer Kayıtlar

Medium

CVE-2024-50857

The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and en…

Medium

CVE-2024-50859

The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly forma…

Medium

CVE-2024-50861

The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious cod…

Critical

CVE-2024-48760

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacke…