CVE-2024-51488 MEDIUM

CVE-2024-51488: Insufficient Validation in Delete Message in Ampache

Vendor Ampache
Product ampache
Weakness CWE-352 · CSRF
Published November 11, 2024
Last update November 12, 2024
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

What the vulnerability does

01Description

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users delete messages. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to delete messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

Key dates

02Disclosure timeline

November 11, 2024 CVE published
November 12, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-1165 Popup Box <= 6.1.1 - Cross-Site Request Forgery to Popup Status Change CVE-2024-12541 Chative Live chat and Chatbot <= 1.1 - Cross-Site Request Forgery via add_chative_widget_action Function CVE-2021-47702 OpenBMCS Cross Site Request Forgery (CSRF) via sendFeedback.php CVE-2012-10010 BestWebSoft Contact Form contact_form.php cntctfrm_settings_page cross-site request forgery CVE-2025-23573 WordPress WP Background Tile plugin <= 1.0 - CSRF to Stored XSS vulnerability