CVE-2024-56903

HIGH

Geovision GV-ASWeb <6.1.1.0 - CSRF

Title source: llm

Description

Geovision GV-ASWeb version 6.1.1.0 or earlier allows attackers to replace the POST request method with GET for critical functionality, such as account management. This vulnerability is chained with CVE-2024-56901 for a successful CSRF attack.

Exploits (1)

nomisec WRITEUP 2 stars
by DRAGOWN · poc
https://github.com/DRAGOWN/CVE-2024-56903

Scores

CVSS v3 8.1
EPSS 0.0035
EPSS Percentile 57.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-352
Status published
Published Feb 03, 2025
Tracked Since Feb 18, 2026