CVE-2024-48176

Name of the Vulnerable Software and Affected Versions Lylme Spage version 1.9.5

Description The issue is related to Incorrect Access Control, where there is no limit on the number of login attempts. Additionally, the verification code does not refresh after a failed login, allowing attackers to attempt multiple username and password combinations to gain access to the system backend.

Recommendations For Lylme Spage version 1.9.5, consider implementing a limit on the number of login attempts and ensure the verification code is refreshed after each failed login to prevent brute force attacks. As a temporary workaround, restrict access to the login functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.