CVE-2024-51489— Insufficient Message Token Validation in Ampache
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-51489
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Insufficient Message Token Validation in Ampache
Source: NVD (National Vulnerability Database)
Vulnerability Description
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing does not adequately validate CSRF tokens when users send messages to one another. This vulnerability could be exploited to forge CSRF attacks, allowing an attacker to send messages to any user, including administrators, if they interact with a malicious request. This issue has been addressed in version 7.0.1 and all users are advised to upgrade. There are no known workarounds for this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
跨站请求伪造(CSRF)
Source: NVD (National Vulnerability Database)
Vulnerability Title
Ampache 跨站请求伪造漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Ampache是Ampache开源的一款基于Web的音频/视频应用程序和文件管理器。 Ampache 7.0.1版本存在跨站请求伪造漏洞,该漏洞源于当前的令牌解析实现在用户相互发送消息时没有充分验证 CSRF 令牌。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2024-51489
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-51489
请登录查看更多情报信息。
Same Patch Batch · ampache · 2024-11-11 · 7 CVEs total
| CVE-2024-51490 | 5.5 MEDIUM | Stored Cross-Site Scripting in Ampache |
| CVE-2024-51486 | 5.5 MEDIUM | Stored Cross-Site Scripting in Ampache |
| CVE-2024-51488 | Insufficient Validation in Delete Message in Ampache | |
| CVE-2024-51487 | Insufficient Validation in Catalog (Activation/Deactivation) in Ampache | |
| CVE-2024-51484 | Insufficient Validation in Controllers (Activation/Deactivation) in Ampache | |
| CVE-2024-51485 | Insufficient Validation in Plugins (Activation/Deactivation) in Ampache |
IV. Related Vulnerabilities
Same product: ampache
- CVE-2024-51484
Insufficient Validation in Controllers (Activation/Deactivat - CVE-2024-51485
Insufficient Validation in Plugins (Activation/Deactivation) - CVE-2024-51486
Stored Cross-Site Scripting in Ampache - CVE-2024-51487
Insufficient Validation in Catalog (Activation/Deactivation) - CVE-2024-51488
Insufficient Validation in Delete Message in Ampache
Same vendor: ampache
- CVE-2024-51484
Insufficient Validation in Controllers (Activation/Deactivat - CVE-2024-51485
Insufficient Validation in Plugins (Activation/Deactivation) - CVE-2024-51486
Stored Cross-Site Scripting in Ampache - CVE-2024-51487
Insufficient Validation in Catalog (Activation/Deactivation) - CVE-2024-51488
Insufficient Validation in Delete Message in Ampache
Same weakness: CWE-352
- CVE-2021-47953
OpenCart 3.0.3.7 Cross-Site Request Forgery via account/pass - CVE-2021-47946
OpenCart 3.0.36 Account Takeover via Cross Site Request Forg - CVE-2022-50955
WordPress Plugin Curtain 1.0.2 Cross-site Request Forgery - CVE-2026-8194
osTicket Dispatcher class.dispatcher.php cross-site request - CVE-2026-42286
Emlog: Cross-Site Request Forgery in Admin Functions
V. Comments for CVE-2024-51489
No comments yet