PT-2024-34648 · Ampache · Ampache

Hacking-Notes

Published 2024-11-11 · Updated 2024-11-14 · CVE-2024-51484

CVSS v3.1: 8.1 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Ampache versions prior to 7.0.1

Description: The issue concerns improper validation of CSRF tokens in the token parsing implementation, allowing attackers to carry out CSRF attacks. Through malicious requests, they could change website features that should only be managed by administrators.

Recommendations: For versions prior to 7.0.1, upgrade to version 7.0.1 to address the issue. As a temporary workaround, consider restricting access to controller activation and deactivation features to minimize the risk of exploitation. Avoid using the application's administrative features from untrusted networks until the issue is resolved.
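The Description names the failure class: a token-parsing routine that does not reliably reject absent or malformed CSRF tokens before comparing them. The following is an added Python example, not Ampache's code and not a reconstruction of the patched routine, that places a constructed lax validator beside a strict one which binds the token to the session and the requested action and rejects anything that does not parse. The function names, the key value, the session ids and the action string are all assumptions made for the example.

```python
"""Session-bound CSRF token issuance and validation (constructed example)."""
import hashlib
import hmac
import secrets

# Constructed server-side key; a real deployment loads this from protected config.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"


def _mac(key: bytes, session_id: str, action: str, nonce: str) -> str:
    """HMAC-SHA256 over session, action and nonce, hex-encoded (64 chars)."""
    msg = "|".join((session_id, action, nonce)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def issue_token(key: bytes, session_id: str, action: str) -> str:
    """Return 'nonce.mac': the MAC ties the nonce to one session and one action."""
    nonce = secrets.token_hex(16)  # 32 hex chars
    return f"{nonce}.{_mac(key, session_id, action, nonce)}"


def validate_token_lax(session_id: str, action: str, token, key: bytes = SERVER_KEY) -> bool:
    """Constructed example of the weak pattern: the parser lets inputs that
    never reach the MAC comparison through as if they had passed."""
    if not token:
        return True  # absent token treated as "nothing to check" (the bug)
    nonce, _, mac = token.partition(".")
    if not mac:
        return True  # truncated token, MAC never compared (the bug)
    return _mac(key, session_id, action, nonce) == mac  # also not constant-time


def validate_token(key: bytes, session_id: str, action: str, token):
    """Strict parse-then-verify. Returns (ok, reason); every non-ok path is
    a distinct reason so the caller can log which check rejected the request."""
    if not isinstance(token, str) or not token:
        return False, "missing"
    parts = token.split(".")
    if len(parts) != 2:
        return False, "malformed"
    nonce, mac = parts
    if len(nonce) != 32 or len(mac) != 64:
        return False, "malformed"
    try:
        bytes.fromhex(nonce)
        bytes.fromhex(mac)
    except ValueError:
        return False, "malformed"
    expected = _mac(key, session_id, action, nonce)
    # Constant-time comparison; both sides are ASCII hex at this point.
    if not hmac.compare_digest(expected, mac):
        return False, "mismatch"
    return True, "ok"


def handle_admin_action(key: bytes, session_id: str, form: dict) -> str:
    """Dispatcher for a state-changing admin request: deny unless the token
    validates for this session and this exact action."""
    action = form.get("action", "")
    ok, reason = validate_token(key, session_id, action, form.get("csrf_token"))
    if not ok:
        # Audit line a defender would alert on: repeated 'missing'/'mismatch'
        # against admin actions is the signature of a CSRF attempt.
        print(f"csrf_reject session={session_id} action={action} reason={reason}")
        return "denied"
    return f"applied:{action}"


if __name__ == "__main__":
    sess = "sess-A"
    tok = issue_token(SERVER_KEY, sess, "toggle_plugin")
    print(handle_admin_action(SERVER_KEY, sess, {"action": "toggle_plugin", "csrf_token": tok}))
    print(handle_admin_action(SERVER_KEY, sess, {"action": "toggle_plugin"}))
    print("lax accepts empty token:", validate_token_lax(sess, "toggle_plugin", ""))
```

The strict validator fails closed: a request with no token, a token that does not split into exactly two hex fields of the expected length, or a MAC computed for another session or another action is refused before any state changes, and each refusal carries a reason that can be logged and counted. The lax variant shows the shape of the defect class the advisory describes, where parsing shortcuts turn "could not check" into "passed".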

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2024-51484
GHSA-H6VJ-6RVC-3X29

Affected Products

Ampache