Medium severity4.4NVD Advisory· Published Apr 14, 2025· Updated Jun 17, 2026
CVE-2024-49709
CVE-2024-49709
Description
Internet Starter, one of SoftCOM iKSORIS system modules, allows for setting an arbitrary session cookie value. An attacker with an access to user's browser might set such a cookie, wait until the user logs in and then use the same cookie to take over the account. Moreover, the system does not destroy the old sessions when creating new ones, what expands the time frame in which an attack might be performed. This vulnerability has been patched in version 79.0
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <79.0
Patches
Vulnerability mechanics
References
2- cert.pl/en/posts/2025/04/CVE-2024-10087nvdThird Party Advisory
- www.iksoris.pl/system-rezerwacji-i-sprzedazy-biletow-iksoris.htmlnvdProduct
News mentions
0No linked articles in our index yet.