CVE-2024-7460

Name of the Vulnerable Software and Affected Versions OSWAPP Warehouse Inventory System versions 1.0 through 2.0

Description A vulnerability was found in the OSWAPP Warehouse Inventory System, affecting an unknown functionality of the file /change password.php. This issue leads to cross-site request forgery and can be launched remotely. The exploit has been disclosed to the public and may be used.

Recommendations For OSWAPP Warehouse Inventory System versions 1.0 through 2.0, consider disabling access to the /change password.php file until a patch is available to prevent cross-site request forgery attacks. Restricting the use of this functionality can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.