CVE-2024-47828

Name of the Vulnerable Software and Affected Versions ampache (affected versions not specified)

Description A Cross-Site Request Forgery (CSRF) attack can be performed to delete objects such as playlists and smartlists. This attack forces authenticated users to submit a request to a web application against which they are currently authenticated. The issue can be exploited by creating a malicious script with an arbitrary playlist ID belonging to another user, resulting in the deletion of the user's playlist without their consent. Any user with an active session who is tricked into submitting a malicious request is impacted.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.