CVE-2023-47024

Published: Jan 20, 2024Modified: Jun 17, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types.

Affected (1)

Products: Ncratleos: Terminal Handler

1 product

Terminal Handler

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ncratleos Terminal Handler	Version 1.5.1

Related CWEs

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (4)

https://docs.google.com/document/d/18EOsFghBsAme0b3Obur8Oc6h5xV9zUCNKyQLw5ERs9Q/edit?usp=sharing

Source: cve@mitre.org

Permissions Required

https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47024

Source: cve@mitre.org

Third Party Advisory

https://docs.google.com/document/d/18EOsFghBsAme0b3Obur8Oc6h5xV9zUCNKyQLw5ERs9Q/edit?usp=sharing

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions Required

https://github.com/Patrick0x41/Security-Advisories/tree/main/CVE-2023-47024

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.