CVE-2024-48176
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/11/2024
Last modified:
06/11/2024
Description
Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of login attempts, and the verification code will not be refreshed after a failed login, which allows attackers to blast the username and password and log into the system backend.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL