PT-2024-33202 · Unknown · Dingfanzu Cms

Published: 2024-10-16 · Updated: 2024-10-18 · CVE-2024-48758

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: dingfanzu CMS version 1.0

Description: The issue is a Cross-Site Request Forgery (CSRF) that allows a remote attacker to execute arbitrary code via the addPro parameter of the doAdminAction.php component. This enables unauthorized actions.

Recommendations: For dingfanzu CMS version 1.0, patch immediately and validate user requests to prevent unauthorized actions. As a temporary workaround, consider restricting access to the doAdminAction.php component or disabling the addPro parameter until a patch is available.

Exploit

Fix

CSRF

Weakness Enumeration

Related Identifiers: CVE-2024-48758

Affected Products: Dingfanzu Cms