mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
764 B
764 B
CVE-2024-28144
Description
An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user.