CVE-2024-27474 Information

Description

Leantime 3.0.6 is vulnerable to Cross-Site Request Forgery (CSRF). This vulnerability allows malicious actors to perform unauthorized actions on behalf of authenticated users, specifically administrators.

Reference

https://drive.proton.me/urls/67VER05Z84#f0fXnmp8o6Y9
https://github.com/Leantime/leantime/blob/264a7dbc2c9b18f574821bf27dd568a287ee8498/app/Domain/Users/Controllers/NewUser.php#L16
https://github.com/dead1nfluence/Leantime-POC/blob/main/README.md
