Cross site request forgery (csrf)

2024-01-2002:15:00

PRIOn knowledge base

www.prio-n.com

cross-site request forgery

ncr terminal handler

account takeover

vulnerabilities

weak security controls

custom content types

AI Score

7.4

Confidence

Low

EPSS

0.001

Percentile

30.3%

JSON

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types.