Cyber Posture

CVE-2024-51144

Severity: High
Published: 05 March 2025
Modified: 15 April 2026
KEV Added: not listed
CVSS Score: 8.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0312 (86.9th percentile)
Risk Priority: 19 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2024-51144 is a high-severity CSRF (CWE-352) vulnerability in Github (inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Spearphishing Link (T1566.002); ranked in the top 13.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SC-23 (Session Authenticity) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Spearphishing Link (T1566.002) and 1 other technique. What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)

Prevent: Directly requires mechanisms to protect session authenticity, countering CSRF attacks that exploit valid user sessions via forged requests to vulnerable Ampache endpoints.

Prevent: Mandates validation of information inputs, including CSRF tokens on state-changing endpoints like pvmsg.php?action=add_message, pvmsg.php?action=confirm_delete, and ajax.server.php?page=user&action=flip_follow.

Prevent: Requires secure configuration settings for web applications, ensuring CSRF protections such as token generation and validation are implemented and enforced.

MITRE ATT&CK Enterprise Techniques

T1566.002 Spearphishing Link (Initial Access)
Adversaries may send spearphishing emails with a malicious link in an attempt to gain access to victim systems.
T1204.001 Malicious Link (Execution)
An adversary may rely upon a user clicking a malicious link in order to gain execution.
Why these techniques?

The CSRF vulnerability requires tricking an authenticated user into clicking a malicious link to submit forged requests to unprotected endpoints, directly enabling spearphishing link delivery and malicious link execution.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

NVD Description

A Cross-Site Request Forgery (CSRF) vulnerability exists in the 'pvmsg.php?action=add_message', 'pvmsg.php?action=confirm_delete', and 'ajax.server.php?page=user&action=flip_follow' endpoints in Ampache <= 6.6.0.

Deeper analysis

CVE-2024-51144 is a Cross-Site Request Forgery (CSRF) vulnerability, mapped to CWE-352, affecting Ampache versions up to and including 6.6.0. The issue exists in the endpoints pvmsg.php?action=add_message, pvmsg.php?action=confirm_delete, and ajax.server.php?page=user&action=flip_follow, which lack proper CSRF protections.

The vulnerability carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H), indicating it is exploitable over the network with low attack complexity by unauthenticated attackers, though it requires user interaction such as clicking a malicious link. An attacker can trick an authenticated user into submitting forged requests to these endpoints, enabling unauthorized actions like adding private messages, confirming message deletions, or toggling user follow status, resulting in high impacts to confidentiality, integrity, and availability.

Advisories and mitigation guidance are available in the Ampache GitHub repository at https://github.com/ampache/ampache, as well as researcher publications at https://nitipoom-jar.github.io/CVE-2024-51144/ and https://nitipoom-jaroonchaipipat.github.io/security-research-portal/2024-51144. Security practitioners should consult these sources for patch details and recommended remediation steps.
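As an added example that is not part of this record or of the Ampache project, the following Python scans Apache combined-format access logs for requests to the three endpoints named in this CVE whose Referer is absent or points at a foreign origin, which is the footprint an authenticated user clicking a forged link would leave; the Ampache hostname and the log lines are constructed for the demonstration, and an absent Referer is only a weak signal because Referrer-Policy or privacy settings can suppress it.

```python
import re
from urllib.parse import parse_qs, urlsplit

AMPACHE_HOST = "music.example.internal"  # assumed hostname of the Ampache instance

# (path, required query parameters) for the state-changing endpoints in the advisory
CSRF_TARGETS = [
    ("/pvmsg.php", {"action": "add_message"}),
    ("/pvmsg.php", {"action": "confirm_delete"}),
    ("/ajax.server.php", {"page": "user", "action": "flip_follow"}),
]

# Apache "combined" log format: ip ident user [ts] "METHOD target proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

# Constructed sample log lines: one legitimate in-app request, two that match the CSRF
# footprint, and two unrelated requests.
SAMPLE_LOG = [
    '10.0.0.5 - alice [05/Mar/2025:10:00:01 +0000] "GET /pvmsg.php?action=add_message&to=bob HTTP/1.1" 200 512 "https://music.example.internal/pvmsg.php" "Mozilla/5.0"',
    '10.0.0.5 - alice [05/Mar/2025:10:02:14 +0000] "GET /pvmsg.php?action=confirm_delete&msg_id=42 HTTP/1.1" 302 0 "https://evil.example.net/promo.html" "Mozilla/5.0"',
    '10.0.0.7 - carol [05/Mar/2025:10:03:09 +0000] "GET /ajax.server.php?page=user&action=flip_follow&user_id=9 HTTP/1.1" 200 88 "-" "Mozilla/5.0"',
    '10.0.0.7 - carol [05/Mar/2025:10:04:00 +0000] "GET /ajax.server.php?page=user&action=show_profile HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [05/Mar/2025:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "curl/8.0"',
]


def is_target(target: str) -> bool:
    """True when the request path and query match one of the advisory's endpoints."""
    parts = urlsplit(target)
    query = parse_qs(parts.query)
    return any(
        parts.path == path and all(query.get(k) == [v] for k, v in required.items())
        for path, required in CSRF_TARGETS
    )


def referer_is_foreign(referer: str) -> bool:
    """A missing Referer or one from another host is the cross-site signal."""
    if referer in ("", "-"):
        return True
    return urlsplit(referer).hostname != AMPACHE_HOST


def find_suspicious(lines):
    """Return (ip, user, target, referer) for requests matching the CSRF footprint."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_target(m["target"]) and referer_is_foreign(m["referer"]):
            hits.append((m["ip"], m["user"], m["target"], m["referer"]))
    return hits
```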

Details

CWE(s): CWE-352

Affected Products

Github
inferred from references and description; NVD did not file a CPE for this CVE

CVEs Like This One

CVE-2026-25812 (shared CWE-352)
CVE-2026-40926 (shared CWE-352)
CVE-2025-59894 (shared CWE-352)
CVE-2026-4922 (shared CWE-352)
CVE-2025-24742 (shared CWE-352)
CVE-2025-25154 (shared CWE-352)
CVE-2025-26963 (shared CWE-352)
CVE-2025-28867 (shared CWE-352)
CVE-2025-23577 (shared CWE-352)
CVE-2026-41347 (shared CWE-352)

References