Medium severity5.5NVD Advisory· Published Dec 12, 2024· Updated Apr 15, 2026
CVE-2024-28144
CVE-2024-28144
Description
An attacker who can spoof the IP address and the User-Agent of a logged-in user can takeover the session because of flaws in the self-developed session management. If two users access the web interface from the same IP they are logged in as the other user.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.