CVE-2024-35039

Name of the Vulnerable Software and Affected Versions idccms version 1.35

Description The issue is a Cross-Site Request Forgery (CSRF) that affects the idccms software. It occurs via the "admin/tplSys deal.php?mudi=area" endpoint. This allows for unauthorized actions to be performed on behalf of a user without their knowledge or consent.

Recommendations For idccms version 1.35, as a temporary workaround, consider restricting access to the "admin/tplSys deal.php" endpoint until a patch is available. Additionally, avoid using the mudi parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.