CVE-2024-34958

Name of the Vulnerable Software and Affected Versions idccms version 1.35

Description A Cross-Site Request Forgery (CSRF) issue was discovered in idccms via the component "admin/banner deal.php?mudi=add". This allows for potential unauthorized actions.

Recommendations For idccms version 1.35, as a temporary workaround, consider disabling access to the "admin/banner deal.php" component until a patch is available. Restrict access to the mudi parameter in the affected API endpoint to minimize the risk of exploitation.