CVE-2024-51488
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Nov 11, 2024
Updated: Nov 14, 2024
CWE ID 352
Summary
CVE-2024-51488 is a cross-site request forgery (CSRF) vulnerability in Ampache, a web-based audio/video streaming application and file manager. The token parsing implementation in Ampache fails to properly validate CSRF tokens during message deletion. An attacker can exploit this weakness to delete messages for any user, including administrators, once a user interacts with a malicious request. Users are urged to upgrade to version 7.0.1 to mitigate this risk; there are currently no known workarounds for this vulnerability.
Affected Products
- Ampache
Affected Vendors
- Ampache