CyberAlerts is shutting down on June 30th, 2025. Thank you for your support!

CVE-2024-56924: A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary...

Description

A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary JavaScript on the admin page (pages_account), potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information. This vulnerability occurs due to improper validation of user requests, which enables attackers to exploit the system by tricking the admin user into executing malicious scripts.

Classification

CVE ID: CVE-2024-56924

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.04% (probability of being exploited)

EPSS Percentile: 11.71% (scored less or equal to compared to others)

EPSS Date: 2025-02-20 (when was this score calculated)

References

https://github.com/ipratheep/CVE-2024-56924

Timeline

2025-01-23 00:30:40 UTC
CVE

A Cross Site Request Forgery (CSRF) vulnerability in Code Astro Internet banking system 2.0.0 allows remote attackers to execute arbitrary...