CVE-2024-48176 Information

Description

Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of login attempts and the verification code will not be refreshed after a failed login which allows attackers to blast the username and password and log into the system backend.

Reference

https://gist.github.com/Gryffinbit/c0b37c6caae4844d4f59368e454d3e46