Cross-Site Request Forgery in GestioIP v3.5.7 by GestioIP
CVE-2024-50858

8.8HIGH

Key Information:

Vendor: GestioIP
Status: Gestioip
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-50858?

GestioIP v3.5.7 contains multiple endpoints that are vulnerable to Cross-Site Request Forgery (CSRF) attacks. This vulnerability enables an attacker to execute unauthorized commands in the context of an authenticated admin session. By leveraging a crafted malicious URL, the attacker can trick the admin into performing actions such as data modification, deletion, or even unauthorized data exfiltration. The potential risks associated with this vulnerability highlight the importance of implementing effective CSRF protections to safeguard administrative interfaces.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://github.com/muebel/gestioip-docker-compose

http://www.gestioip.net

https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50858

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2025

JSON

GestioIP

What is CVE-2024-50858?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.