CVE-2024-1231

Name of the Vulnerable Software and Affected Versions CM Download Manager versions prior to 2.9.0

Description The issue concerns a lack of CSRF checks in certain areas, potentially allowing attackers to make logged-in admins unpublish downloads via a CSRF attack. This could be exploited by tricking administrators into performing unintended actions.

Recommendations For versions prior to 2.9.0, update to version 2.9.0 or later to resolve the issue. As a temporary workaround, consider implementing additional CSRF protection measures to minimize the risk of exploitation.