CVE-2024-46600

Name of the Vulnerable Software and Affected Versions dingfanzu CMS version 1.0

Description The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. It can be exploited via the "/admin/doAdminAction.php" API endpoint, specifically when the act parameter is set to delCate and the id parameter is set to a specific value, such as 31. This allows an attacker to perform unauthorized actions on the system.

Recommendations For dingfanzu CMS version 1.0, as a temporary workaround, consider disabling the /admin/doAdminAction.php API endpoint or restricting access to it until a patch is available. Avoid using the act parameter with the value delCate and the id parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.