CVE-2024-56903

HIGH

Geovision GV-ASWeb <= 6.1.1.0 - Cross-Site Request Forgery via POST to GET Method Conversion

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-56903. PoCs published by DRAGOWN.

AI-analyzed exploit summary: This repository documents CVE-2024-56903, a method override vulnerability in Geovision GV-ASManager 6.1.1.0 or earlier, allowing attackers to replace POST requests with GET requests for critical functionalities like account management. It is chained with CVE-2024-56901 for CSRF attacks.

Description

Geovision GV-ASWeb version 6.1.1.0 or earlier allows attackers to change the request method from POST to GET for critical functionality, such as account management. This vulnerability is chained with CVE-2024-56901 for a successful CSRF attack.

Exploits (1)

nomisec WRITEUP 2 stars
by DRAGOWN · poc
https://github.com/DRAGOWN/CVE-2024-56903

Classification: Writeup 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Geovision GV-ASManager <= 6.1.1.0
No auth needed
Prerequisites: Network access to GV-ASManager · Geovision GV-ASManager version 6.1.1.0 or earlier
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 8.1
EPSS 0.0033
EPSS Percentile 24.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE: CWE-352
Status published
Published Feb 03, 2025
Tracked Since Feb 18, 2026