How severe is CVE-2024-23831?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.5 out of 10.

What type of vulnerability is CVE-2024-23831?

This is classified as CWE-352, which is a common weakness in software security.

CVE-2024-23831 - HIGH Severity | CVSS 7.5

Vulnerability Description

LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used to create a new user account with full application (/login.pl) privileges, leading to privilege escalation. The vulnerability is patched in versions 1.10.30 and 1.11.9.

Related Vulnerabilities

CVE-2015-7936

HIGH

CVSS:7.5(High)

Cross-site request forgery (CSRF) vulnerability in Motorola Solutions MOSCAD IP Gateway allows remote attackers to hijack the authentication of administrators for requests that modify a password.

CWE-3522015

CVE-2016-1139

HIGH

CVSS:7.5(High)

Cross-site request forgery (CSRF) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

CWE-3522016

CVE-2016-8718

HIGH

CVSS:7.5(High)

An exploitable Cross-Site Request Forgery vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1. A specially crafted form can trick a c...

CWE-3522016

CVE-2017-1000092

HIGH

CVSS:7.5(High)

Git Plugin connects to a user-specified Git repository as part of form validation. An attacker with no direct access to Jenkins but able to guess at a username/password credentials ID could trick a de...

CWE-3522017

CVE-2017-12415

HIGH

CVSS:7.5(High)

OXID eShop Community Edition before 6.0.0 RC2 (development), 4.10.x before 4.10.5 (maintenance), and 4.9.x before 4.9.10 (legacy), Enterprise Edition before 6.0.0 RC2 (development), 5.2.x before 5.2.1...

CWE-3522017

CVE-2017-12439

HIGH

CVSS:7.5(High)

SocuSoft Flash Slideshow Maker Professional through v5.20, when the advanced configuration is used, has an xml_path HTTP parameter that trusts user-supplied input, in conjunction with an unsafe XML co...

CWE-3522017