CVE-2024-46485

Name of the Vulnerable Software and Affected Versions dingfanzu CMS version 1.0

Description The issue is related to a Cross-Site Request Forgery (CSRF) that can be exploited via the "/admin/doAdminAction.php?act=addCate" API endpoint. This allows an attacker to perform unauthorized actions on the system.

Recommendations For dingfanzu CMS version 1.0, consider implementing proper CSRF protection mechanisms, such as token-based validation, to prevent unauthorized requests to the "/admin/doAdminAction.php?act=addCate" endpoint. As a temporary workaround, restrict access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.