Paolo GeoDirectory CVE-2026-24549
MEDIUMSeverity by source
AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Lifecycle Timeline
2DescriptionCVE.org
Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory allows Cross Site Request Forgery.This issue affects GeoDirectory: from n/a before 2.8.150.
AnalysisAI
GeoDirectory versions before 2.8.150 are vulnerable to cross-site request forgery attacks that could allow an attacker to perform unauthorized actions on behalf of authenticated users. The vulnerability requires user interaction to exploit and can result in integrity violations, though no patch is currently available.
Technical ContextAI
Classified as CWE-352 (Cross-Site Request Forgery (CSRF)). Affects from n/a. Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory allows Cross Site Request Forgery.This issue affects GeoDirectory: from n/a before 2.8.150.
Affected ProductsAI
Cross-Site Request Forgery (CSRF) vulnerability in Paolo GeoDirectory allows Cross Site Request Forgery.This issue affects GeoDirectory: from n/a befo
RemediationAI
Monitor vendor advisories for a patch. Restrict network access to the affected service where possible.
Same weakness CWE-352 – Cross-Site Request Forgery (CSRF)
View allShare
External POC / Exploit Code
Leaving vuln.today