CVE-2024-7460

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 4, 2024
Updated: Aug 6, 2024
CWE ID 352

Summary

CVE-2024-7460 is a newly disclosed vulnerability affecting OSWAPP Warehouse Inventory System 1.0/2.0. The issue lies in unidentified functionality of the /change_password.php file. The flaw enables a cross-site request forgery (CSRF) attack, allowing an attacker to make unauthorized modifications to user accounts. The attack can be carried out remotely, which increases the risk of compromise. The exploit has been disclosed publicly, heightening the urgency for affected organizations to apply the necessary patches or mitigations. The identifier VDB-273553 has been assigned to this CSRF vulnerability.
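A defender's triage check for the endpoint named above, as an added example (not from the advisory or the vendor): it scans web-server access logs for password-change submissions whose Referer is missing or points off-site. The combined log format, the POST method, the host name and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumptions, not from the advisory: "combined" access-log format, the
# password change is submitted as a POST, and the app is served from SITE_HOST.
SITE_HOST = "inventory.example.internal"
TARGET_PATH = "/change_password.php"

COMBINED = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def classify(line, site_host=SITE_HOST):
    """Return (verdict, ip, referer) for a POST to TARGET_PATH, else None."""
    m = COMBINED.match(line)
    if not m or m["method"] != "POST":
        return None
    if urlsplit(m["uri"]).path != TARGET_PATH:
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        return ("no-referer", m["ip"], referer)
    try:
        # Compare the exact host; a substring test would accept look-alike hosts.
        host = (urlsplit(referer).hostname or "").lower()
    except ValueError:  # malformed Referer value
        host = ""
    verdict = "same-site" if host == site_host.lower() else "cross-site"
    return (verdict, m["ip"], referer)

def triage(lines, site_host=SITE_HOST):
    """Keep only the password-change requests that need a human look."""
    hits = [classify(line, site_host) for line in lines]
    return [h for h in hits if h and h[0] != "same-site"]

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2025:10:01:12 +0000] "POST /change_password.php HTTP/1.1" 302 - "https://inventory.example.internal/profile" "Mozilla/5.0"',
    '10.0.0.7 - - [01/Jan/2025:10:03:40 +0000] "POST /change_password.php HTTP/1.1" 302 - "https://other.example/page.html" "Mozilla/5.0"',
    '10.0.0.8 - - [01/Jan/2025:10:03:55 +0000] "POST /change_password.php HTTP/1.1" 302 - "https://inventory.example.internal.other.example/" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jan/2025:10:04:02 +0000] "POST /change_password.php HTTP/1.1" 302 - "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Jan/2025:10:05:00 +0000] "GET /home.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for verdict, ip, referer in triage(SAMPLE_LOG):
        print(f"{verdict:11} {ip:10} {referer}")
```

A missing Referer is only a reason to review, since browsers and privacy settings can suppress the header on legitimate requests.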
