PT-2024-32713 · Unknown · Shilpi Client Dashboard

Mohit Gadiya · Published 2024-10-04 · Updated 2024-10-16 · CVE-2024-47654

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Shilpi Client Dashboard versions prior to 9.7.0

Description: This issue exists due to a lack of rate limiting and CAPTCHA protection for OTP requests in certain API endpoints. An unauthenticated remote attacker could exploit this by sending multiple OTP requests through the vulnerable API endpoints, leading to OTP bombing on the targeted system. The attacker could flood the endpoints with requests, degrading performance.

Recommendations: For versions prior to 9.7.0, update to version 9.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints to minimize the risk of exploitation. Avoid using the OTP request feature in the affected API endpoints until the issue is resolved.
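One shape of the missing control, as an added example that is not code from the advisory or from Shilpi: a per-destination cooldown plus per-destination and per-source-IP sliding-window quotas in front of an OTP-request endpoint. Policy values, identifiers and the traffic scenario are constructed for illustration; only accepted sends count toward the quotas so a flood of refused requests cannot lock out the legitimate user.

```python
import time
from collections import Counter, defaultdict, deque
# Policy values are constructed for this example, not taken from the advisory or vendor.
DEST_MIN_GAP_S = 60        # minimum seconds between two OTPs to the same destination
DEST_MAX_PER_WINDOW = 5    # OTPs per destination per sliding window
IP_MAX_PER_WINDOW = 20     # OTP requests per source IP per window (limits spraying)
WINDOW_S = 3600            # sliding window length in seconds

class OtpRequestLimiter:
    """Sliding-window limiter for a 'send OTP' endpoint, keyed by destination and source IP."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self.by_dest = defaultdict(deque)  # destination -> timestamps of accepted sends
        self.by_ip = defaultdict(deque)    # source IP -> timestamps of accepted sends

    @staticmethod
    def _prune(q, now):
        while q and now - q[0] >= WINDOW_S:
            q.popleft()

    def check(self, dest, ip):
        """Return (allowed, reason). Only accepted sends are recorded, so a refused
        burst does not itself extend the lockout for the legitimate user."""
        now = self.clock()
        dq, iq = self.by_dest[dest], self.by_ip[ip]
        self._prune(dq, now)
        self._prune(iq, now)
        if dq and now - dq[-1] < DEST_MIN_GAP_S:
            return False, "cooldown"
        if len(dq) >= DEST_MAX_PER_WINDOW:
            return False, "destination_quota"
        if len(iq) >= IP_MAX_PER_WINDOW:
            return False, "ip_quota"
        dq.append(now)
        iq.append(now)
        return True, "ok"

def simulate_otp_bombing():
    """Constructed scenario: one source (RFC 5737 documentation address) sends 50 OTP requests
    for one victim, one per second, then one request each to 100 other destinations."""
    clock = [0.0]                                   # mutable fake clock, in seconds
    limiter = OtpRequestLimiter(lambda: clock[0])
    flood, spray = Counter(), Counter()
    for _ in range(50):
        flood[limiter.check("+91-00000-00000", "203.0.113.7")[1]] += 1
        clock[0] += 1
    for i in range(100):
        spray[limiter.check(f"user{i}@example.invalid", "203.0.113.7")[1]] += 1
    return dict(flood), dict(spray)
```

In the constructed run the flood phase delivers a single OTP and refuses 49 on the cooldown, and the spray phase is stopped by the per-IP quota after 19 more sends.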

Related Identifiers: CVE-2024-47654

Affected Products: Shilpi Client Dashboard