Pangchunyuhack

**Name of the Vulnerable Software and Affected Versions** idccms version 1.35 **Description** A Cross-Site Request Forgery (CSRF) issue was discovered in idccms. The issue is related to the "/admin/userLevel deal.php" API endpoint, specifically with the `mudi` parameter when set to "del". This allows for unauthorized actions to be performed. **Recommendations** For idccms version 1.35, as a temporary workaround, consider disabling access to the "/admin/userLevel deal.php" endpoint or restricting the use of the `mudi` parameter until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** idccms version 1.35 **Description** A Cross-Site Request Forgery (CSRF) issue was discovered in idccms. The vulnerability can be exploited via the "/admin/userGroup deal.php" endpoint with specific parameters `mudi` and `nohrefStr`. This allows for unauthorized actions to be performed on behalf of a user. **Recommendations** For idccms version 1.35, as a temporary workaround, consider restricting access to the "/admin/userGroup deal.php" endpoint until a patch is available. Avoid using the parameters `mudi` and `nohrefStr` in this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** idccms version 1.35 **Description** A Cross-Site Request Forgery (CSRF) issue was found in idccms. The issue is related to the "/admin/userScore deal.php" API endpoint, specifically with the `mudi` parameter set to "del". This allows for unauthorized actions to be performed. **Recommendations** For idccms version 1.35, as a temporary workaround, consider restricting access to the "/admin/userScore deal.php" API endpoint or disabling the `mudi=del` functionality until a patch is available. Avoid using the `mudi` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** idccms version 1.35 **Description** A Cross-Site Request Forgery (CSRF) issue was found in idccms. The issue is related to the "/admin/userGroup deal.php" API endpoint, specifically with the `mudi` variable when set to "del". This allows for unauthorized actions to be performed. **Recommendations** For idccms version 1.35, as a temporary workaround, consider disabling access to the "/admin/userGroup deal.php" endpoint or restricting the use of the `mudi` variable until a patch is available. Avoid using the `mudi=del` parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.