PT-2024-15635 · Allegro · Allegro RomPager

Lorenzomoulin · Published 2024-01-14 · Updated 2024-05-17 · CVE-2024-0522

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Allegro RomPager version 4.01

Description: A vulnerability was found in the HTTP POST Request Handler component, specifically in the file usertable.htm?action=delete. Manipulation of the username argument leads to cross-site request forgery: a victim who is authenticated to the device and visits a malicious page can be made to submit a user-deletion request without intending to. The issue can be exploited remotely. The vendor notes that this is a very old issue that was fixed 20 years ago without public disclosure.

Recommendations: For Allegro RomPager version 4.01, upgrade to version 4.30 to address this issue. As a temporary workaround, consider restricting access to the usertable.htm?action=delete file or disabling the HTTP POST Request Handler component until the upgrade is applied.
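The root cause here is a state-changing POST handler that accepts any well-formed request carrying the victim's session, so the standard fix is to bind each request to the page that issued it. The following is an added example, not RomPager code: it models a delete handler for an endpoint shaped like usertable.htm?action=delete and gates it behind two independent CSRF checks, an Origin/Referer allow-list and a per-session synchronizer token compared in constant time. The management origin, the request dictionaries and the helper names are constructed assumptions for the demonstration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed assumption: the device's own management origin. A browser never
# sends this Origin for a form submitted from an attacker-controlled page.
ALLOWED_ORIGINS = {"http://192.0.2.1"}


def new_csrf_token() -> str:
    """Issue a per-session synchronizer token.

    The server stores it in the session and embeds it as a hidden field in
    every form it renders; a cross-site page cannot read it."""
    return secrets.token_urlsafe(32)


def origin_allowed(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is the device.

    A request carrying neither header is rejected: browsers attach Origin to
    every cross-site POST, so its absence on a state-changing request is not
    a case worth trusting."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin in ALLOWED_ORIGINS


def token_valid(form: dict, session_token: str) -> bool:
    """Constant-time comparison of the submitted token against the session's."""
    submitted = form.get("csrf_token", "")
    return hmac.compare_digest(submitted.encode(), session_token.encode())


def handle_delete_user(headers: dict, query: dict, form: dict,
                       session_token: str, users: set) -> int:
    """Return an HTTP status code; the user table changes only if both checks pass."""
    if query.get("action") != "delete":
        return 400
    if not origin_allowed(headers) or not token_valid(form, session_token):
        return 403  # forged cross-site request: leave the user table untouched
    username = form.get("username")
    if username not in users:
        return 404
    users.discard(username)
    return 200


if __name__ == "__main__":
    tok = new_csrf_token()
    users = {"admin", "guest"}
    # Constructed legitimate submission from the device's own page.
    print(handle_delete_user({"Origin": "http://192.0.2.1"}, {"action": "delete"},
                             {"username": "guest", "csrf_token": tok}, tok, users))
    # Constructed cross-site submission: wrong Origin and no token.
    print(handle_delete_user({"Origin": "http://attacker.example"}, {"action": "delete"},
                             {"username": "admin"}, tok, users))
    print(sorted(users))
```

Either check alone blocks the classic forged-form case; keeping both means a deployment that strips or proxies away Origin headers still has the token, and a token leaked through a template bug is still fenced by the origin check.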

Fix

Weakness Enumeration: CSRF

Related Identifiers: CVE-2024-0522

Affected Products: Allegro RomPager