CVE-2024-33830

Name of the Vulnerable Software and Affected Versions idccms version 1.35

Description A Cross-Site Request Forgery (CSRF) issue was discovered in the /admin/readDeal.php component, specifically via the mudi parameter set to clearWebCache. This allows for unauthorized actions to be performed on behalf of a user.

Recommendations For idccms version 1.35, as a temporary workaround, consider disabling access to the /admin/readDeal.php component until a patch is available. Restricting the use of the mudi parameter, especially when set to clearWebCache, can also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.