CVE-2024-37774

Published: Dec 16, 2024Modified: Jun 20, 2025

8.0

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.1 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

A Cross-Site Request Forgery (CSRF) in Sunbird DCIM dcTrack v9.1.2 allows authenticated attackers to escalate their privileges by forcing an Administrator user to perform sensitive requests in some admin screens.

Affected (1)

Products: Sunbirddcim: Dctrack

Sunbirddcim

1 product

Dctrack

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sunbirddcim Dctrack	Version 9.1.2

Related CWEs

CWE-352

Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

References (2)

http://dctrack.com

Source: cve@mitre.org

Product

https://s3.us-east-1.amazonaws.com/dcTrack.Docs/dcTrack_9.2.0_GA/dcTrack_9.2.0_Release_Notes.pdf

Source: cve@mitre.org

Release Notes

Timeline

No history available yet.