PT-2024-27744 · Sunbird DCIM · dcTrack

Published: 2024-12-16 · Updated: 2024-12-17 · CVE-2024-37774

CVSS v3.1: 8.0 (High), vector AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Sunbird DCIM dcTrack version 9.1.2

Description: A Cross-Site Request Forgery (CSRF) issue allows an authenticated attacker to escalate privileges by forcing an Administrator user to perform sensitive requests in some admin screens. Exploitation requires the attacker to already be logged in.

Recommendations: For Sunbird DCIM dcTrack version 9.1.2, implement anti-CSRF measures, such as token-based validation, so that administrators cannot be forced into performing unintended actions. As a temporary workaround, restrict access to sensitive admin screens until a patch is available.
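The token-based validation recommended above, shown as an added example that is not dcTrack code: each state-changing admin request must carry a token that is bound to the victim's own session, so a token the logged-in attacker obtains for their session does not validate for the Administrator's. `SECRET_KEY`, `issue_csrf_token`, `verify_csrf_token`, `handle_admin_request` and the request dict are assumptions for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Hypothetical server-side key; a real deployment loads it from configuration.
SECRET_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer-style token: random nonce plus an HMAC over (session, nonce).

    Binding the MAC to the session id is what stops an attacker's own valid
    token from being replayed inside a request forged for the admin's session.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: Optional[str]) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def handle_admin_request(request: dict) -> tuple:
    """Guard for an admin screen; `request` is a constructed dict, not a framework object.

    Returns (status_code, message). State-changing methods are rejected unless
    the submitted token validates for the requesting session.
    """
    session_id = request.get("session_id")
    if not session_id:
        return 401, "not authenticated"
    if request.get("method", "GET") in ("POST", "PUT", "DELETE"):
        submitted = request.get("form", {}).get("csrf_token")
        if not verify_csrf_token(session_id, submitted):
            return 403, "CSRF token missing or invalid"
    return 200, "ok"
```

Pair this with `SameSite` session cookies as defence in depth; the token check remains the control that fails closed when the cookie attribute is ignored.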

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2024-37774

Affected Products: dcTrack