CVE-2024-40488

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 12, 2024
Updated: Aug 13, 2024
CWE ID 352

Summary

CVE-2024-40488 is a newly discovered Cross-Site Request Forgery (CSRF) vulnerability affecting the Kashipara Live Membership System v1.0. If exploited, an attacker could manipulate the administrator into deleting valid member data through a specially crafted HTML page. The Delete Member action at /delete_members.php is particularly susceptible to this attack. This weakness could lead to significant data loss and undermine the security of the membership system. It is recommended that users upgrade to the latest version of the software to mitigate this risk.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share