A vulnerability found in IPRateLimit implementation of FileCodeBox up to 2.2 allows remote attackers to bypass ip-based rate limit protection and failed attempt restrictions by faking X-Real-IP and X-Forwarded-For HTTP headers. This can enable attackers to perform DoS attacks or brute force share codes.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HLanol Filecodebox
APPLanol≤ 2.2
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Powiązane podatności
CVE-2025-51661HIGH7.5ten sam produkt
A path Traversal vulnerability found in FileCodeBox v2.2 and earlier allows arbitrary file writes when applica...
CVE-2025-51662MEDIUM5.4ten sam produkt
A stored cross-site scripting (XSS) vulnerability is found in the text sharing feature of FileCodeBox version ...
CVE-2024-34525MEDIUM5.3ten sam produkt
FileCodeBox 2.0 stores a OneDrive password and AWS key in a cleartext env file.