CVE-2024-46412

MEDIUM

Rebuild 3.7.7 - Unauthenticated Authentication Bypass via /commons/ip-location GET Request

Title source: llm

Description

Incorrect access control in the prehandle function of Rebuild v3.7.7 allows attackers to bypass authentication via a crafted GET request sent to /commons/ip-location.

References (2)

Core 2

Core References

Various Sources

https://github.com/RacerZ-fighting/CVE-vulns/blob/main/rebuild%203.7.5.md

View Writeup ZIP pw:eip

Various Sources

https://github.com/RacerZ-fighting/rebuild-vulns/blob/main/rebuild%203.7.7.md

View Writeup ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0041

EPSS Percentile 32.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-284

Status published

Published Aug 25, 2025

Tracked Since Feb 18, 2026