Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of login attempts, and the verification code will not be refreshed after a failed login, which allows attackers to blast the username and password and log into the system backend.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/48xxx/CVE-2024-48176.json",
"cna_assigner": "mitre"
}