PT-2024-34834 · Fraudlabs Pro · Fraudlabs Pro Sms Verification
Soprobro
·
Published
2024-11-14
·
Updated
2024-11-15
·
CVE-2024-51688
CVSS v3.1
7.1
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L |
Name of the Vulnerable Software and Affected Versions
FraudLabs Pro SMS Verification versions 1.10.1 and earlier
Description
A Cross-Site Request Forgery (CSRF) issue exists in FraudLabs Pro SMS Verification, allowing Stored XSS.
Recommendations
For versions 1.10.1 and earlier, update to a version that fixes this issue.
As a temporary workaround, consider disabling the
FraudLabs Pro SMS Verification function until a patch is available.
Restrict access to the vulnerable SMS Verification module to minimize the risk of exploitation.Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Fraudlabs Pro Sms Verification