Unknown · Lylme Spage · CVE-2024-48176
**Name of the Vulnerable Software and Affected Versions**
Lylme Spage version 1.9.5
**Description**
The issue is an Incorrect Access Control flaw: the login does not limit the number of attempts, and the verification code does not refresh after a failed login. An attacker can therefore keep reusing the same verification code while trying multiple username and password combinations to gain access to the system backend.
**Recommendations**
For Lylme Spage version 1.9.5, consider implementing a limit on the number of login attempts and ensure the verification code is refreshed after each failed login to prevent brute force attacks. As a temporary workaround, restrict access to the login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
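The two recommended controls can be sketched as follows. This is an added, framework-neutral example and not Lylme Spage code: the `LoginGuard` class, the session dictionary, the `check_password` callback and the policy values (5 failures, 900 seconds) are assumptions made for illustration.

```python
import hmac
import secrets
import time

MAX_FAILURES = 5        # assumed policy: failures allowed per window
LOCKOUT_SECONDS = 900   # assumed policy: window measured from the first failure


class LoginGuard:
    """Single-use verification code plus failed-login limiting."""

    def __init__(self, check_password, clock=time.monotonic):
        self.check_password = check_password  # hypothetical credential check
        self.clock = clock
        self.failures = {}  # (user, ip) -> (count, time of first failure)

    def new_code(self, session):
        # Called every time the login form or code image is rendered.
        session["vcode"] = secrets.token_hex(3)
        return session["vcode"]

    def locked(self, key):
        count, since = self.failures.get(key, (0, 0.0))
        if count and self.clock() - since >= LOCKOUT_SECONDS:
            self.failures.pop(key, None)  # window expired, start fresh
            return False
        return count >= MAX_FAILURES

    def login(self, session, user, password, code, ip):
        # Keying on (user, ip) is a trade-off: a per-user key also stops
        # attempts spread over many addresses but lets anyone lock the account.
        key = (user.lower(), ip)
        # Consume the code first: every submission, right or wrong, burns it,
        # so a failed login can never be retried with the same code.
        expected = session.pop("vcode", None)
        if self.locked(key):
            return "locked"
        if expected is None or not hmac.compare_digest(
                expected.encode(), code.lower().encode()):
            return "bad_code"
        if self.check_password(user, password):
            self.failures.pop(key, None)
            return "ok"
        count, since = self.failures.get(key, (0, self.clock()))
        self.failures[key] = (count + 1, since)
        return "bad_credentials"
```

Removing the code from the session before any other check is what closes the reuse gap described above; the counter then bounds how many guesses a client gets even when it fetches a fresh code for each one.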