CVE-2024-4172

Name of the Vulnerable Software and Affected Versions idcCMS version 1.35

Description A problematic issue was found in idcCMS, affecting an unknown functionality of the file "/admin/admin cl.php?mudi=revPwd". This issue leads to cross-site request forgery and can be launched remotely.

Recommendations For idcCMS version 1.35, as a temporary workaround, consider restricting access to the "/admin/admin cl.php" endpoint until a patch is available. Avoid using the mudi parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.