CVE-2023-47020

Published: Feb 8, 2024Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that lacks security controls and can accept custom content types.

Affected (1)

Products: Ncratleos: Terminal Handler

1 product

Terminal Handler

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ncratleos Terminal Handler	Version 1.5.1

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47020

Source: cve@mitre.org

Third Party Advisory

https://youtu.be/pGB3LKdf64w

Source: cve@mitre.org

Exploit

https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47020

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://youtu.be/pGB3LKdf64w

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

Timeline

No history available yet.