gestioip CVE Vulnerabilities & Metrics

Focus on gestioip vulnerabilities and metrics.

Last updated: 07 Jun 2025, 22:25 UTC

About gestioip Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with gestioip. We track both calendar-based metrics (using fixed periods) and rolling metrics (using sliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total gestioip CVEs: 5
Earliest CVE date: 14 Jan 2025, 22:15 UTC
Latest CVE date: 14 Jan 2025, 22:15 UTC

Latest CVE reference: CVE-2024-50861

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 5

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

CVSS Stats

Average CVSS: 0.0

Max CVSS: 0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range       Count
0.0-3.9     5
4.0-6.9     0
7.0-8.9     0
9.0-10.0    0

Top 5 Highest CVSS gestioip CVEs

These are the five CVEs with the highest CVSS scores for gestioip, sorted first by severity and then by recency.

All CVEs for gestioip

CVE-2024-50861 gestioip vulnerability CVSS: 0 14 Jan 2025, 22:15 UTC

The ip_mod_dns_key_form.cgi request in GestioIP v3.5.7 is vulnerable to Stored XSS. An attacker can inject malicious code into the "TSIG Key" field, which is saved in the database and triggers XSS when viewed, enabling data exfiltration and CSRF attacks.

CVE-2024-50859 gestioip vulnerability CVSS: 0 14 Jan 2025, 22:15 UTC

The ip_import_acl_csv request in GestioIP v3.5.7 is vulnerable to Reflected XSS. When a user uploads an improperly formatted file, the content may be reflected in the HTML response, allowing the attacker to execute malicious scripts or exfiltrate data.

CVE-2024-50858 gestioip vulnerability CVSS: 0 14 Jan 2025, 22:15 UTC

Multiple endpoints in GestioIP v3.5.7 are vulnerable to Cross-Site Request Forgery (CSRF). An attacker can execute actions via the admin's browser by hosting a malicious URL, leading to data modification, deletion, or exfiltration.

CVE-2024-50857 gestioip vulnerability CVSS: 0 14 Jan 2025, 22:15 UTC

The ip_do_job request in GestioIP v3.5.7 is vulnerable to Cross-Site Scripting (XSS). It allows data exfiltration and enables CSRF attacks. The vulnerability requires specific user permissions within the application to exploit successfully.

CVE-2024-48760 gestioip vulnerability CVSS: 0 14 Jan 2025, 22:15 UTC

An issue in GestioIP v3.5.7 allows a remote attacker to execute arbitrary code via the file upload function. The attacker can upload a malicious perlcmd.cgi file that overwrites the original upload.cgi file, enabling remote command execution.