A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery.
This vulnerability is traded as CVE-2024-0522. It is possible to launch the attack remotely. There is no exploit available.
The vendor explains that this is a very old issue that got fixed 20 years ago but without a public disclosure.
It is recommended to upgrade the affected component.