7 matches found

NVD • added 2025/01/14 10:15 p.m. • 6 views

CVE-2024-50859

The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data...

CVSS: 4.8 | EPSS: 0.01114
Exploits: 3 | References: 3
Cvelist • added 2025/01/14 12:0 a.m. • 12 views

CVE-2024-48760

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution...

EPSS: 0.70907
Exploits: 5 | References: 3
Cvelist • added 2025/01/14 12:0 a.m. • 9 views

CVE-2024-50859

The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data...

EPSS: 0.01114
Exploits: 3 | References: 3
Cvelist • added 2025/01/14 12:0 a.m. • 7 views

CVE-2024-50861

The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks...

EPSS: 0.0159
Exploits: 3 | References: 3
CVE • added 2025/01/14 12:0 a.m. • 50 views

CVE-2024-50859

CVE-2024-50859 affects GestioIP v3.5.7. The ip_import_acl_csv request is vulnerable to Reflected XSS: if a user uploads an improperly formatted file, its content can be reflected in the HTML response, enabling execution of malicious scripts or data exfiltration. The CVSS v3.1 base score is 4.8 (M...

CVSS: 4.8 | AI score: 6.5 | EPSS: 0.01114
Exploits: 3 | References: 3 | Affected Software: 1
CVE • added 2025/01/14 12:0 a.m. • 66 views

CVE-2024-48760

GestioIP 3.5.7 has a remote code execution (RCE) vulnerability in the file upload feature. An attacker can upload a malicious perlcmd.cgi that overwrites upload.cgi, enabling arbitrary commands on the server. CVSSv3.1: 9.8 (CRITICAL), AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. Exploitation details appear in exploit...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.70907
Exploits: 5 | References: 3 | Affected Software: 1
CVE • added 2025/01/14 12:0 a.m. • 46 views

CVE-2024-50861

GestioIP v3.5.7 is affected by a Stored XSS in the ip_mod_dns_key_form.cgi flow. An attacker can inject code into the TSIG Key field, which is stored in the database and triggers XSS when the DNS Key page is viewed, enabling data exfiltration and CSRF. The Red Hat CVE entry and Exploit/packetstor...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.0159
Exploits: 3 | References: 3 | Affected Software: 1