CSRF Vulnerability in NCR Terminal Handler v.1.5.1 Allows One-Click Account Takeover

CVE-2023-47024 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types.
