CVE-2024-56924

Exploit

EPSS 0.01%
Veröffentlicht 22.01.2025 21:15:09
Zuletzt bearbeitet 04.08.2025 15:08:25
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information. This vulnerability occurs due to improper validation of user requests, which enables attackers to exploit the system by tricking the admin user into executing malicious scripts.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Codeastro ≫ Internet Banking System Version2.0.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.01%	0.01

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.3	2.1	5.2	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

https://github.com/ipratheep/CVE-2024-56924

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-56924

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-56924

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-56924

EUVD