CVE-2024-51488

Name of the Vulnerable Software and Affected Versions Ampache versions prior to 7.0.1

Description The issue concerns the inadequate validation of CSRF tokens in the token parsing implementation, which could be exploited to forge CSRF attacks. This allows an attacker to delete messages to any user, including administrators, if they interact with a malicious request.

Recommendations For versions prior to 7.0.1, upgrade to version 7.0.1 to address the issue. As a temporary workaround, consider restricting access to the message deletion functionality until the upgrade is applied. Avoid interacting with suspicious requests that may trigger the deletion of messages.