PT-2024-31521 · Skysystem · Skysystem Arfa-Cms

Kirill Kalimmulin · Published 2024-08-27 · Updated 2024-08-31 · CVE-2024-45264

CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SkySystem Arfa-CMS versions prior to 5.1.3124
Description: A cross-site request forgery (CSRF) vulnerability in the admin panel allows a remote attacker who lures an authenticated administrator into opening a crafted page to submit the "add administrator" action in that administrator's session and create a new administrator account, leading to escalation of privileges. The attacker can then perform any action the admin panel offers, fully compromising the installation.
Recommendations: For SkySystem Arfa-CMS versions prior to 5.1.3124, update to version 5.1.3124 or later to resolve the issue. As a temporary workaround, protect state-changing admin requests against CSRF: require a per-session anti-CSRF token on every form or request that modifies data, reject requests whose Origin or Referer header names a foreign site, mark the session cookie SameSite=Lax or Strict, and make sure sessions expire and are invalidated on logout. Restrict network access to the admin panel (for example, by IP allow-list or VPN) and avoid browsing untrusted sites while logged in as an administrator to minimize the risk of exploitation.
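The following is an added example, not code from Arfa-CMS or from this advisory, of the synchronizer-token check that an "add administrator" handler needs in order to defeat the attack described above. The advisory does not publish the vulnerable endpoint or its parameter names, so the site origin, session identifier, field names and sample requests below are all constructed for the demonstration. It shows why the session cookie alone is not proof of intent (the browser attaches it to a forged cross-site form automatically), how a token bound to the session blocks both a forged request and a token lifted from another session, and how an Origin/Referer check adds a second, independent layer.

```python
"""
Added example (hypothetical, not Arfa-CMS code): a self-contained
synchronizer-token CSRF check for a state-changing admin endpoint.
SITE_ORIGIN, the session id and all sample requests are constructed.
"""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://cms.example.test"           # assumed deployment origin
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}  # methods that need a token


def issue_csrf_token(secret: bytes, session_id: str) -> str:
    """Mint a token bound to one session: nonce + HMAC(secret, session_id|nonce)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret, f"{session_id}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def token_is_valid(secret: bytes, session_id: str, token: str) -> bool:
    """Recompute the MAC for *this* session and compare in constant time."""
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    expected = hmac.new(secret, f"{session_id}|{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def origin_is_same_site(headers: dict) -> bool:
    """Accept only requests whose Origin (or, failing that, Referer) is our own site.
    A state-changing request carrying neither header is refused."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == SITE_ORIGIN


def check_admin_action(request: dict, secret: bytes) -> tuple:
    """Decide whether a request to a state-changing admin endpoint may proceed.

    request = {"method", "headers", "cookies", "form"}.  Returns (allowed, reason).
    The browser attaches the session cookie to a forged request on its own, so
    the session proves only *who* is logged in, not that they intended the action.
    """
    if request["method"] not in STATE_CHANGING:
        return True, "read-only"
    session_id = request["cookies"].get("session")
    if not session_id:
        return False, "no session"
    if not origin_is_same_site(request["headers"]):
        return False, "cross-site origin"
    token = request["form"].get("csrf_token", "")
    if not token_is_valid(secret, session_id, token):
        return False, "missing or invalid csrf token"
    return True, "ok"


def demo() -> dict:
    """Run the check over constructed requests; returns {case: (allowed, reason)}."""
    secret = secrets.token_bytes(32)
    admin_session = "admin-session-abc123"              # constructed sample id
    token = issue_csrf_token(secret, admin_session)
    base = {"method": "POST", "cookies": {"session": admin_session}}
    cases = {
        # Admin submits the real form: same-site Origin, token minted for this session.
        "legit": {**base, "headers": {"Origin": SITE_ORIGIN},
                  "form": {"username": "ops", "role": "admin", "csrf_token": token}},
        # Attacker page auto-submits a form; cookie rides along, no token, foreign Origin.
        "forged": {**base, "headers": {"Origin": "https://attacker.example"},
                   "form": {"username": "evil", "role": "admin"}},
        # Neither Origin nor Referer on a POST: refused before the token is even checked.
        "no_origin": {**base, "headers": {}, "form": {"username": "evil", "role": "admin"}},
        # Same-site, but the token was issued for a different session: binding fails.
        "wrong_session_token": {**base, "headers": {"Origin": SITE_ORIGIN},
                                "form": {"username": "evil", "role": "admin",
                                         "csrf_token": issue_csrf_token(secret, "other-session")}},
        # Plain GET of the admin page needs no token.
        "read": {"method": "GET", "headers": {}, "cookies": {"session": admin_session}, "form": {}},
    }
    return {name: check_admin_action(req, secret) for name, req in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:20s} -> {verdict}")
```

The order of the checks matters: the Origin/Referer test is cheap and rejects the common forged request outright, while the HMAC-bound token is what protects a request whose headers happen to look same-site. Binding the MAC to the session id is what stops an attacker from reusing a token obtained in their own account against the victim's session.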

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2024-45264

Affected Products: Skysystem Arfa-Cms