CVE-2024-50858

CVSS 8.8 HIGHEPSS 1.7%CWE-352

Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration.

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/52200unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50858 https://github.com/muebel/gestioip-docker-compose http://www.gestioip.net