CVE-2024-22601
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published: Jan 18, 2024
Updated: Jan 23, 2024
CWE ID 352
Summary
CVE-2024-22601 is a Cross-Site Request Forgery (CSRF) vulnerability affecting FlyCms version 1.0. The /system/score/scorerule_save endpoint accepts requests without verifying that they were intentionally submitted by the user, which permits an attacker to perform a CSRF attack through it. Successful exploitation could result in unintended actions being taken on the affected system without the user's knowledge or consent. To mitigate this risk, users should upgrade to the latest version of FlyCms or implement CSRF token validation on requests to the endpoint.