CVE-2024-51487— Ampache 跨站请求伪造漏洞

Insufficient Validation in Catalog (Activation/Deactivation) in Ampache

Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating catalog. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change website features that should only be managed by administrators through malicious requests. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.

N/A

跨站请求伪造(CSRF)

Ampache 跨站请求伪造漏洞

Ampache是Ampache开源的一款基于Web的音频/视频应用程序和文件管理器。 Ampache 7.0.1版本存在跨站请求伪造漏洞，该漏洞源于当前令牌解析的实现在激活或停用目录时无法正确验证 CSRF 令牌。

N/A

N/A