PT-2024-28352 · Idccms · Idccms
Published: 2024-07-02 · Updated: 2024-07-11 · CVE-2024-39119
CVSS v3.1: 5.4 (Medium)
| Vector | AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
idccms version 1.35
Description
The vulnerability is a Cross-Site Request Forgery (CSRF) in idccms. The "admin/info deal.php" endpoint accepts the parameters mudi and nohrefStr without any anti-CSRF protection, so a request with mudi set to rev and nohrefStr set to close can be forged on behalf of an authenticated administrator who is lured to an attacker-controlled page (the UI:R component of the vector reflects this required user interaction).
Recommendations
For idccms version 1.35, as a temporary workaround, consider restricting access to the "admin/info deal.php" endpoint until a patch is available. Avoid using the parameters mudi and nohrefStr in this endpoint until the issue is resolved.
Exploit
Fix
CSRF
Weakness Enumeration
Related Identifiers
Affected Products
Idccms