
15 matches found

NVD | added 2025/01/14 10:15 p.m. | 9 views

CVE-2024-50861

The ipmoddnskeyform.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks...

CVSS 6.1 | EPSS 0.00782 | Exploits 3 | References 3

NVD | added 2025/01/14 10:15 p.m. | 10 views

CVE-2024-50857

The ipdojob request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting XSS. It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully...

CVSS 4.8 | EPSS 0.01172 | Exploits 3 | References 3

NVD | added 2025/01/14 10:15 p.m. | 11 views

CVE-2024-50858

Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery CSRF. An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration...

CVSS 8.8 | EPSS 0.01669 | Exploits 3 | References 3

NVD | added 2025/01/14 10:15 p.m. | 9 views

CVE-2024-50859

The ipimportaclcsv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data...

CVSS 4.8 | EPSS 0.00847 | Exploits 3 | References 3

NVD | added 2025/01/14 10:15 p.m. | 14 views

CVE-2024-48760

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution...

CVSS 9.8 | EPSS 0.45109 | Exploits 5 | References 3

Cvelist | added 2025/01/14 12:0 a.m. | 16 views

CVE-2024-50858

Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery CSRF. An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration...

EPSS 0.01669 | Exploits 3 | References 3

Cvelist | added 2025/01/14 12:0 a.m. | 10 views

CVE-2024-50861

The ipmoddnskeyform.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks...

EPSS 0.00782 | Exploits 3 | References 3

CVE | added 2025/01/14 12:0 a.m. | 55 views

CVE-2024-50859

CVE-2024-50859 affects GestioIP v3.5.7. The ip_import_acl_csv request is vulnerable to Reflected XSS: if a user uploads an improperly formatted file, its content can be reflected in the HTML response, enabling execution of malicious scripts or data exfiltration. The CVSS v3.1 base score is 4.8 (M...

CVSS 4.8 | AI score 6.5 | EPSS 0.00847 | Exploits 3 | References 3 | Affected Software 1

CVE | added 2025/01/14 12:0 a.m. | 71 views

CVE-2024-48760

GestioIP 3.5.7 has a remote code execution (RCE) via the file upload feature. An attacker can upload a malicious perlcmd.cgi that overwrites upload.cgi, enabling arbitrary commands on the server. CVSSv3.1: 9.8 (CRITICAL), AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Exploitation details appear in exploit...

CVSS 9.8 | AI score 7.8 | EPSS 0.45109 | Exploits 5 | References 3 | Affected Software 1

Cvelist | added 2025/01/14 12:0 a.m. | 12 views

CVE-2024-50857

The ipdojob request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting XSS. It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully...

EPSS 0.01172 | Exploits 3 | References 3

CVE | added 2025/01/14 12:0 a.m. | 74 views

CVE-2024-50857

GestioIP v3.5.7 is affected by a reflected XSS in the ip_do_job request, caused by unsanitized input. Exploitation requires specific user permissions and can lead to data exfiltration and CSRF. Practical details and patches are referenced in multiple sources (Nuclei template, CVE writeups, and ad...

CVSS 4.8 | AI score 6 | EPSS 0.01172 | Exploits 3 | References 3 | Affected Software 1

Cvelist | added 2025/01/14 12:0 a.m. | 14 views

CVE-2024-50859

The ipimportaclcsv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data...

EPSS 0.00847 | Exploits 3 | References 3

Cvelist | added 2025/01/14 12:0 a.m. | 16 views

CVE-2024-48760

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution...

EPSS 0.45109 | Exploits 5 | References 3

CVE | added 2025/01/14 12:0 a.m. | 51 views

CVE-2024-50861

GestioIP v3.5.7 is affected by a Stored XSS in the ip_mod_dns_key_form.cgi flow. An attacker can inject code into the TSIG Key field, which is stored in the database and triggers XSS when the DNS Key page is viewed, enabling data exfiltration and CSRF. The Red Hat CVE entry and Exploit/packetstor...

CVSS 6.1 | AI score 5.8 | EPSS 0.00782 | Exploits 3 | References 3 | Affected Software 1

CVE | added 2025/01/14 12:0 a.m. | 51 views

CVE-2024-50858

CVE-2024-50858 affects GestioIP v3.5.7: multiple endpoints are vulnerable to CSRF, allowing an attacker to perform actions in an admin’s browser via a malicious URL, causing data modification, deletion or exfiltration. Public detail exists in Red Hat, NVD/NIST, CNNVD, PacketStorm, Exploit-DB, and...

CVSS 8.8 | AI score 6.7 | EPSS 0.01669 | Exploits 3 | References 3 | Affected Software 1