PT-2025-3349 · Unknown · Codeastro Internet Banking System

Ipratheep · Published 2025-01-22 · Updated 2025-08-04 · CVE-2024-56924

CVSS v3.1: 7.3 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Code Astro Internet banking system version 2.0.0

Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in Code Astro Internet banking system version 2.0.0. This allows remote attackers to execute arbitrary JavaScript on the admin page (pages account), potentially leading to unauthorized actions such as changing account settings or stealing sensitive user information. The vulnerability occurs due to improper validation of user requests, enabling attackers to exploit the system by tricking the admin user into executing malicious scripts.

Recommendations

Code Astro Internet banking system version 2.0.0: Implement robust CSRF protection mechanisms, such as synchronizer tokens, to validate user requests and prevent unauthorized actions. Ensure all user inputs are properly validated and sanitized before processing.
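
The synchronizer-token check recommended above, as an added example that is not code from this advisory or from Code Astro. It is a framework-agnostic Python sketch; the session dictionary, the csrf_token field name and the function names are assumptions made for illustration.

```python
import hmac
import secrets

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}  # these must never change state


def issue_csrf_token(session: dict) -> str:
    """Create one unpredictable token per session and keep it server-side."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def is_request_allowed(session: dict, method: str, form: dict) -> bool:
    """Accept a state-changing request only if it echoes the session's token."""
    if method.upper() in SAFE_METHODS:
        return True
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not isinstance(supplied, str):
        return False  # no token issued, or none submitted: fail closed
    # Constant-time comparison avoids leaking the token through timing.
    return hmac.compare_digest(expected.encode(), supplied.encode())


def demo() -> dict:
    """Run constructed requests against a constructed admin session."""
    admin_session = {"user": "admin"}        # constructed sample session
    token = issue_csrf_token(admin_session)  # rendered into the real form
    update = {"name": "New Name"}            # constructed form fields
    foreign = issue_csrf_token({})           # token from a different session

    def post(extra: dict) -> bool:
        return is_request_allowed(admin_session, "POST", {**update, **extra})

    return {
        "form_with_session_token": post({"csrf_token": token}),
        "cross_site_without_token": post({}),
        "cross_site_wrong_token": post({"csrf_token": "guess"}),
        "token_from_other_session": post({"csrf_token": foreign}),
        "read_only_get": is_request_allowed(admin_session, "GET", {}),
    }


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'accepted' if allowed else 'rejected'}")
```

The check only helps if every state-changing admin action is reachable solely through non-safe methods; an account update exposed over GET bypasses it.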

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers

CVE-2024-56924

Affected Products

Codeastro Internet Banking System