Bearman113

**Name of the Vulnerable Software and Affected Versions** idccms version 1.35 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) in the component `/admin/infoMove deal.php` with parameters `mudi=del`, `dataType=logo`, and `dataTypeCN`. This allows for unauthorized actions to be performed. **Recommendations** For idccms version 1.35, consider disabling access to the `/admin/infoMove deal.php` component until a patch is available. Restrict the use of parameters `mudi`, `dataType`, and `dataTypeCN` in this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** idccms version 1.35 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) in the component /admin/infoWeb deal.php. The `mudi`, `dataType`, and `dataTypeCN` parameters are involved. This allows for unauthorized actions to be performed. **Recommendations** For idccms version 1.35, as a temporary workaround, consider disabling access to the /admin/infoWeb deal.php component until a patch is available. Restrict the use of the `mudi`, `dataType`, and `dataTypeCN` parameters in this component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** idccms version 1.35 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) in the component /admin/share switch.php. The affected endpoint includes parameters such as `mudi`, `dataType`, `fieldName`, `fieldName2`, `tabName`, and `dataID`. This CSRF issue may allow unauthorized actions to be performed. **Recommendations** For idccms version 1.35, as a temporary workaround, consider disabling access to the /admin/share switch.php endpoint until a patch is available. Restricting the use of the `mudi`, `dataType`, `fieldName`, `fieldName2`, `tabName`, and `dataID` parameters in this endpoint may also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** idccms version 1.35 **Description** A Cross-Site Request Forgery (CSRF) issue was discovered in idccms via the component "/admin/vpsApi deal.php?mudi=rev&nohrefStr=close". This issue allows for unauthorized requests to be made on behalf of the user. **Recommendations** For idccms version 1.35, as a temporary workaround, consider disabling access to the "/admin/vpsApi deal.php" component until a patch is available. Restrict access to the `mudi` and `nohrefStr` parameters in the affected API endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** idccms version 1.35 **Description** The issue is related to a Cross-Site Request Forgery (CSRF) in the component "/admin/infoMove deal.php" with parameters `mudi` and `nohrefStr`. This allows for unauthorized actions. **Recommendations** For idccms version 1.35, as a temporary workaround, consider restricting access to the "/admin/infoMove deal.php" endpoint until a patch is available. Avoid using the parameters `mudi` and `nohrefStr` in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** idccms version 1.35 **Description** A Cross-Site Request Forgery (CSRF) issue was discovered in idccms via the component /admin/ca deal.php?mudi=add&nohrefStr=close. This allows for unauthorized actions to be performed on behalf of a user. **Recommendations** For idccms version 1.35, as a temporary workaround, consider restricting access to the /admin/ca deal.php component until a patch is available. Additionally, avoid using the `mudi` and `nohrefStr` parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.