CVE-2024-41432

Exploit

EPSS 0.1%
Veröffentlicht 07.08.2024 16:15:46
Zuletzt bearbeitet 08.08.2024 15:02:52
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

An IP Spoofing vulnerability has been discovered in Likeshop up to 2.5.7.20210811. This issue allows an attacker to replace their real IP address with any arbitrary IP address, specifically by adding a forged 'X-Forwarded' or 'Client-IP' header to requests. Exploiting IP spoofing, attackers can bypass account lockout mechanisms during attempts to log into admin accounts, spoof IP addresses in requests sent to the server, and impersonate IP addresses that have logged into user accounts, etc.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Likeshop ≫ Likeshop Version <= 2.5.7.20210811

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.1%	0.283

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-290 Authentication Bypass by Spoofing

This attack-focused weakness is caused by incorrectly implemented authentication schemes that are subject to spoofing attacks.

https://gitlab.com/c2at3/cve-2024-41432/-/blob/main/README.md

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-41432

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-41432

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-41432

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-41432