CVE-2024-40038

Name of the Vulnerable Software and Affected Versions idccms version 1.35

Description The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This vulnerability can be exploited via the "/admin/userScore deal.php" endpoint, specifically when the mudi parameter is set to "rev". CSRF is a type of attack where an attacker tricks a user into performing unintended actions on a web application that the user is authenticated to.

Recommendations For idccms version 1.35, consider disabling access to the "/admin/userScore deal.php" endpoint until a patch is available, or restrict the use of the mudi parameter to minimize the risk of exploitation.