CVE-2024-45987
Last modified
CVE-2024-45987 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent or knowledge. EPSS estimates a 0.22% chance of exploitation in the next 30 days.
Description
Projectworld Online Voting System Version 1.0 is vulnerable to Cross Site Request Forgery (CSRF) via voter.php. This vulnerability allows an attacker to craft a malicious link that, when clicked by an authenticated user, automatically submits a vote for a specified party without the user's consent or knowledge. The attack leverages the user's active session to perform the unauthorized action, compromising the integrity of the voting process.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Online Voting System Project | Online Voting System | 1.0 |
References
- https://github.com/soursec/CVEs/tree/main/CVE-2024-45987Exploit, Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2024-45987?
How severe is CVE-2024-45987?
How do I fix CVE-2024-45987?
Are you affected by CVE-2024-45987?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST