CVE-2024-0522

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 14, 2024

Updated: May 17, 2024

CWE ID 352

Summary

CVE-2024-0522 is a recently identified vulnerability affecting Allegro RomPager 4.01. This issue lies within an unknown function of the usertable.htm?action=delete component in the HTTP POST Request Handler. Manipulation of the argument "username" can lead to cross-site request forgery, allowing remote attacks. Upgrading to version 4.30 is recommended to mitigate this vulnerability. Despite being an old issue, proper disclosure was not made public until now.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Allegro RomPager

Affected Vendors

AllegroSoft

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uJLPPN
https://www.cve.org/CVERecord?id=CVE-2024-0522
https://nvd.nist.gov/vuln/detail/CVE-2024-0522

Back to Vulnerability Database