PT-2024-28808 · Idccms · Idccms

Published: 2024-07-10 · Updated: 2024-07-12 · CVE-2024-40329

CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: idccms version 1.35

Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. It can be exploited via the "/admin/softBak deal.php" endpoint, specifically when the mudi parameter is set to "backup". This allows an attacker to perform unauthorized actions on the system on behalf of an authenticated user.

Recommendations: For idccms version 1.35, as a temporary workaround, consider restricting access to the "/admin/softBak deal.php" endpoint to minimize the risk of exploitation. Avoid using the mudi parameter with the value "backup" on this endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
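The following is an added example written for this advisory; it is not code from idccms or from the advisory's author. It does two things a defender of an idccms 1.35 install would want while waiting for a fix: it scans combined-format web-server access logs for requests that trigger the backup action (the endpoint path and mudi=backup value from the description) and flags those whose Referer is missing or comes from a foreign host, and it models the server-side check a fixed endpoint should perform (POST only, a session-bound anti-CSRF token, and a trusted Origin/Referer). The trusted host cms.example.test, the log lines, and the function names (classify, scan_log, issue_token, authorize_backup) are assumptions made for the example.

```python
"""Added example (not idccms code): spot cross-site triggers of the backup
action in access logs, and model the request check the vulnerable endpoint lacks."""
import re
import secrets
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint path and parameter exactly as the advisory prints them.
VULN_PATH = "/admin/softBak deal.php"
VULN_PARAM, VULN_VALUE = "mudi", "backup"

# Host of the idccms install being defended (assumed value; replace with yours).
TRUSTED_HOSTS = {"cms.example.test"}

# Apache/nginx "combined" log format (constructed regex for this example).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)


def is_backup_action(target: str) -> bool:
    """True when the request path (percent-decoded) and query select the backup action."""
    parts = urlsplit(target)
    if unquote(parts.path) != VULN_PATH:
        return False
    return VULN_VALUE in parse_qs(parts.query).get(VULN_PARAM, [])


def classify(target: str, referer: str) -> str:
    """Classify one logged request:
    'other'      - not the backup action
    'same-site'  - backup action, Referer on a trusted host
    'no-referer' - backup action without a Referer (cannot be verified)
    'cross-site' - backup action with a Referer from a foreign host
    """
    if not is_backup_action(target):
        return "other"
    if referer in ("", "-"):
        return "no-referer"
    host = urlsplit(referer).hostname or ""
    return "same-site" if host in TRUSTED_HOSTS else "cross-site"


def scan_log(lines):
    """Return (ip, timestamp, verdict) for every backup action not clearly same-site."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        verdict = classify(m["target"], m["referer"])
        if verdict in ("cross-site", "no-referer"):
            hits.append((m["ip"], m["ts"], verdict))
    return hits


def issue_token(session: dict) -> str:
    """Store a fresh anti-CSRF token in the server-side session and return it for the form."""
    session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def authorize_backup(method: str, form: dict, headers: dict, session: dict) -> bool:
    """Model of the check a fixed endpoint should run before starting a backup:
    POST only, a token that matches the session, and a trusted Origin/Referer."""
    if method != "POST":
        return False
    expected = session.get("csrf_token", "")
    token = form.get("csrf_token", "")
    if not expected or not secrets.compare_digest(token, expected):
        return False
    origin = headers.get("Origin") or headers.get("Referer") or ""
    return (urlsplit(origin).hostname or "") in TRUSTED_HOSTS


# Constructed sample log lines (not real traffic); the path is percent-encoded as a server would log it.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jul/2024:12:00:01 +0000] "GET /admin/softBak%20deal.php?mudi=backup HTTP/1.1" 200 512 "http://lure.example/page.html" "Mozilla/5.0"',
    '203.0.113.8 - - [10/Jul/2024:12:00:05 +0000] "GET /admin/softBak%20deal.php?mudi=backup HTTP/1.1" 200 512 "http://cms.example.test/admin/index.php" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jul/2024:12:00:09 +0000] "GET /admin/softBak%20deal.php?mudi=list HTTP/1.1" 200 128 "http://cms.example.test/admin/index.php" "Mozilla/5.0"',
    '203.0.113.10 - - [10/Jul/2024:12:00:12 +0000] "GET /admin/softBak%20deal.php?mudi=backup HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, verdict in scan_log(SAMPLE_LOG):
        print(f"{ts} {ip} {verdict}")
```

Running the block prints the two suspicious entries (the foreign-Referer request and the request with no Referer); the same-site request and the non-backup request are left out. A missing Referer is reported separately rather than ignored, because a browser applying a strict referrer policy sends the same thing for a legitimate and for a forged request, so those entries need a second look rather than an automatic pass. On the mitigation side, a Referer/Origin check alone is weak (both headers can be absent), which is why authorize_backup also requires the session-bound token and refuses GET.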

Exploit

CSRF

Weakness Enumeration

Related Identifiers

CVE-2024-40329

Affected Products

Idccms