14Oca
CVE-2024-0522 | Allegro RomPager 4.01 HTTP POST Request usertable.htm username cross-site request forgery
A vulnerability was found in Allegro RomPager 4.01. It has been classified as problematic. Affected is an unknown function of the file usertable.htm?action=delete of the component HTTP POST Request Handler. The manipulation of the argument username leads to cross-site request forgery. This vulnerability is traded as CVE-2024-0522. It is possible to launch the attack remotely. There is no exploit available. The vendor explains that this is a very old issue that got fixed 20 years ago but without a public disclosure. It is recommended to upgrade the affected component.