CVE-2024-0522 | Allegro RomPager 4.01 HTTP POST Request usertable.htm username cross-site request forgery

A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery.

This vulnerability is traded as CVE-2024-0522. It is possible to launch the attack remotely. There is no exploit available.

The vendor explains that this is a very old issue that got fixed 20 years ago but without a public disclosure.

It is recommended to upgrade the affected component.

CVE-2024-0522 | Allegro RomPager 4.01 HTTP POST Request usertable.htm username cross-site request forgery

Post correlati

CVE-2023-5512 | GitLab Community Edition/Enterprise Edition prior 16.4.4/16.5.4/16.6.2 File Name code injection (Issue 427827)

CVE-2024-32041 | FreeRDP up to 2.11.5/3.4.x out-of-bounds (GHSA-5r4p-mfx2-m44r)

CVE-2024-3227 | Panwei eoffice OA up to 9.5 Backend save_image.php image_type path traversal

CVE-2024-36078 | Zammad up to 6.3.0 on Ruby permission