CVE-2024-41432

Summary

CVE-2024-41432 is a newly disclosed IP Spoofing vulnerability affecting Likeshop software versions up to 2.5.7.20210811. This issue enables attackers to manipulate their IP addresses by inserting forged 'X-Forwarded' or 'Client-IP' headers in requests. By exploiting this vulnerability, cybercriminals can bypass account lockout protections during unauthorized login attempts to admin accounts, masquerade as trusted IP addresses, and potentially gain access to sensitive user information. This poses a significant risk for unauthorized access and data breaches.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.