CVE-2024-7459 MEDIUM

CVE-2024-7459: OSWAPP Warehouse Inventory System edit_account.php cross-site request forgery

Vendor Oswapp
Product Warehouse Inventory System
Weakness CWE-352 · CSRF
Published August 4, 2024
Last update August 7, 2024
View on NVD All CVEs

CVSS base score

6.9/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01Description

A vulnerability was found in OSWAPP Warehouse Inventory System 1.0/2.0. It has been classified as problematic. Affected is an unknown function of the file /edit_account.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-273552.

Key dates

02Disclosure timeline

August 4, 2024 CVE published
August 7, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-28909 WordPress WP No-Bot Question plugin <= 0.1.7 - Cross Site Request Forgery (CSRF) vulnerability CVE-2024-56012 WordPress Flash News / Post (Responsive) plugin <= 4.1 - CSRF to Privilege Escalation vulnerability CVE-2023-52119 WordPress Icegram Plugin <= 3.1.18 is vulnerable to Cross Site Request Forgery (CSRF) CVE-2024-31363 WordPress LifterLMS plugin <= 7.5.0 - Cross Site Request Forgery (CSRF) vulnerability CVE-2026-34613 AVideo: CSRF on Plugin Enable/Disable Endpoint Allows Disabling Security Plugins