CVE-2024-35555

Name of the Vulnerable Software and Affected Versions idccms version 1.35

Description The issue is related to a Cross-Site Request Forgery (CSRF) in the component /admin/share switch.php. The affected endpoint includes parameters such as mudi, dataType, fieldName, fieldName2, tabName, and dataID. This CSRF issue may allow unauthorized actions to be performed.

Recommendations For idccms version 1.35, as a temporary workaround, consider disabling access to the /admin/share switch.php endpoint until a patch is available. Restricting the use of the mudi, dataType, fieldName, fieldName2, tabName, and dataID parameters in this endpoint may also help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.