CVE-2024-23831 (Cross-Site Request Forgery)
Privilege escalation through CSRF attack on 'setup.pl'
Summary
When a LedgerSMB database administrator has an active session in /setup.pl,
an attacker can trick the admin into clicking on a link which automatically
submits a request to setup.pl without the admin's consent. This request can
be used to create a new user account with full application (/login.pl)
privileges, leading to privilege escalation.
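For defenders reviewing web server logs, the following added example (not part of the advisory or of LedgerSMB) flags requests to setup.pl that were not initiated from a page on the LedgerSMB host itself, which is the pattern a forged cross-site request leaves behind. It assumes combined-format access logs; the hostname, the sample log lines and the function name are constructed for illustration, and the advisory does not state the HTTP method or parameters involved.

```python
import re
from urllib.parse import urlsplit

# Assumption: the front-end web server writes Apache/nginx "combined" logs.
# The hostname is a placeholder for the real LedgerSMB host.
EXPECTED_HOST = "ledgersmb.example.internal"

COMBINED = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

# Constructed sample lines; the methods shown are arbitrary.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Feb/2024:10:00:00 +0000] "GET /setup.pl HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Feb/2024:10:00:09 +0000] "POST /setup.pl HTTP/1.1" 200 7300 "https://ledgersmb.example.internal/setup.pl" "Mozilla/5.0"',
    '10.0.0.5 - - [01/Feb/2024:10:04:31 +0000] "POST /setup.pl HTTP/1.1" 200 2210 "https://forum.example.net/thread/42" "Mozilla/5.0"',
    '10.0.0.7 - - [01/Feb/2024:10:05:00 +0000] "GET /login.pl HTTP/1.1" 200 900 "https://forum.example.net/" "Mozilla/5.0"',
]

def cross_origin_setup_requests(lines, expected_host=EXPECTED_HOST):
    """Return (timestamp, client, method, reason) for each setup.pl request
    whose Referer is missing or points at a different host."""
    findings = []
    for line in lines:
        m = COMBINED.match(line.strip())
        if not m:
            continue  # not a combined-format line
        if not urlsplit(m["target"]).path.endswith("/setup.pl"):
            continue  # only the database admin tool is of interest here
        referer = m["referer"]
        if referer in ("", "-"):
            reason = "no-referer"  # weaker signal: typed URL or stripped header
        else:
            ref_host = (urlsplit(referer).hostname or "").lower()
            if ref_host == expected_host.lower():
                continue  # navigation from within the application itself
            reason = "foreign-referer:" + ref_host
        findings.append((m["ts"], m["client"], m["method"], reason))
    return findings

if __name__ == "__main__":
    for finding in cross_origin_setup_requests(SAMPLE_LOG):
        print(finding)
```

A foreign-referer hit during an administrator's active setup.pl session is worth correlating with any user accounts created around the same timestamp.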
Known vulnerable
All of: