CVE-2024-56901

HIGH

Geovision GV-ASWeb <=6.1.1.0 - CSRF

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2024-56901. PoCs published by Giorgi Dograshvili, DRAGOWN.

AI-analyzed exploit summary: This exploit demonstrates a CSRF vulnerability in GeoVision GV-ASManager 6.1.1.0 or earlier, allowing attackers to create an admin account via a crafted GET request. The PoC includes a malicious HTML form that submits a request to the target application, leveraging the vulnerability to create a new administrator account.

Description

A Cross-Site Request Forgery (CSRF) vulnerability in the Geovision GV-ASWeb application, version 6.1.1.0 or less, allows attackers to arbitrarily create Administrator accounts via a crafted GET request. This vulnerability is used in a chain with CVE-2024-56903 for a successful CSRF attack.

Exploits (3)

exploitdb WORKING POC
by Giorgi Dograshvili · text · webapps · multiple
https://www.exploit-db.com/exploits/52187

This exploit demonstrates a CSRF vulnerability in GeoVision GV-ASManager 6.1.1.0 or earlier, allowing attackers to create an admin account via a crafted GET request. The PoC includes a malicious HTML form that submits a request to the target application, leveraging the vulnerability to create a new administrator account.

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: GeoVision GV-ASManager 6.1.1.0 or less
No auth needed
Prerequisites: Network access to the GV-ASManager web application · Administrator's interaction with an open session in the browser
devstral-2 · analyzed Feb 18, 2026

github WRITEUP 2 stars
by DRAGOWN · poc
https://github.com/DRAGOWN/CVE-2024-56903

This repository provides a detailed technical analysis of CVE-2024-56903, a vulnerability in Geovision GV-ASManager that allows attackers to modify POST requests to GET, enabling CSRF attacks when chained with CVE-2024-56901. The writeup includes step-by-step exploitation details and screenshots.

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Geovision GV-ASManager v6.1.1.0 or less
No auth needed
Prerequisites: Network access to the GV-ASManager web application · Geovision ASManager version 6.1.1.0 or less
devstral-2 · analyzed Feb 19, 2026

nomisec WORKING POC 2 stars
by DRAGOWN · poc
https://github.com/DRAGOWN/CVE-2024-56901

This repository contains a working PoC for CVE-2024-56901, a CSRF vulnerability in Geovision GV-ASManager v6.1.1.0 or less. The exploit demonstrates how an attacker can create an admin account via a crafted GET request, leveraging CVE-2024-56903 to change the request method from POST to GET.

Classification: Working PoC 100%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Geovision GV-ASManager v6.1.1.0 or less
Auth required
Prerequisites: Geovision GV-ASManager v6.1.1.0 or less · Network access to the GV-ASManager web application · Administrator's interaction with an open session in the browser
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3: 8.8
EPSS: 0.0067
EPSS Percentile: 71.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: total

Details

CWE: CWE-352
Status: published
Published: Feb 03, 2025
Tracked Since: Feb 18, 2026