Cross-Site Request Forgery in GestioIP v3.5.7 by GestioIP
CVE-2024-50858

8.8HIGH

Key Information:

Vendor: GestioIP
Status: Gestioip
Vendor: CVE Published:; 14 January 2025

What is CVE-2024-50858?

GestioIP v3.5.7 contains multiple endpoints that are vulnerable to Cross-Site Request Forgery (CSRF) attacks. This vulnerability enables an attacker to execute unauthorized commands in the context of an authenticated admin session. By leveraging a crafted malicious URL, the attacker can trick the admin into performing actions such as data modification, deletion, or even unauthorized data exfiltration. The potential risks associated with this vulnerability highlight the importance of implementing effective CSRF protections to safeguard administrative interfaces.

References

https://github.com/muebel/gestioip-docker-compose

http://www.gestioip.net

https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50858

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 14, 2025