CVE-2024-27631
Severity: MEDIUM
GNU Savane < 3.13 - Cross-Site Request Forgery via siteadmin/usergroup.php
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2024-27631. PoCs published by ally-petitt.
AI-analyzed exploit summary: This PoC demonstrates a CSRF vulnerability in Savane v3.12 and prior, allowing an attacker to change another user's password and escalate privileges by tricking an admin into visiting a malicious webpage.
Description
Cross-Site Request Forgery vulnerability in GNU Savane v3.12 and earlier allows a remote attacker to escalate privileges via siteadmin/usergroup.php.
Exploits (1)
nomisec
WORKING POC
by ally-petitt · poc
https://github.com/ally-petitt/CVE-2024-27631
Classification
Working Poc 100%
Attack Type
Auth Bypass
Complexity
Trivial
Reliability
Reliable
Target:
Savane v3.12 and prior
Auth required
Prerequisites:
Victim must be an admin in superuser mode · Victim must visit the malicious webpage
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
References (3)
Core References
Exploit, Mitigation, Third Party Advisory
https://github.com/ally-petitt/CVE-2024-27631
Exploit, Third Party Advisory
https://medium.com/%40allypetitt/how-i-found-3-cves-in-2-days-8a135eb924d3
Scores
CVSS v3
6.0
EPSS
0.0042
EPSS Percentile
33.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:L
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-352
Status
published
Products (1)
gnu/savane
< 3.13
Published
Apr 08, 2024
Tracked Since
Feb 18, 2026