CVE-2020-18458

8.0 HIGH

📋 TL;DR

This cross-site request forgery (CSRF) vulnerability in DamiCMS v6.0.6 lets an attacker create an unauthorized administrator account by luring a logged-in administrator to a page that silently submits the account-creation form to admin.php?s=/Admin/doadd. Every DamiCMS v6.0.6 installation whose admin interface is reachable from the administrator's browser is affected. The attacker needs no credentials of their own: the victim's authenticated session supplies them, and the endpoint performs no token check.

💻 Affected Systems

Products:
  • DamiCMS
Versions: v6.0.6
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin interface to be accessible and an authenticated admin session.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the CMS with attacker creating persistent admin accounts, leading to data theft, defacement, or further system compromise.

🟠

Likely Case

Attackers create backdoor admin accounts to maintain access, modify content, or steal sensitive data from the CMS.

🟢

If Mitigated

Limited impact if the admin interface is reachable only from trusted networks and administrators avoid browsing untrusted sites while logged in; the unguarded code path remains until token validation is added to the endpoint.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

The attacker is unauthenticated, but exploitation needs a victim: an administrator with a live session must be tricked (for example via a phishing link) into loading an attacker-controlled page that auto-submits the account-creation form. No credentials or anti-CSRF token are needed because the endpoint does not validate one.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: https://github.com/AutismJH/damicms/issues/5

Restart Required: No

Instructions:

No official patch is known. Add CSRF token generation and validation to the admin.php?s=/Admin/doadd action (and preferably to every state-changing admin action), or upgrade if the project has since released a fixed version.

🔧 Temporary Workarounds

Implement CSRF Protection

Applies to: all

Add CSRF token validation to the admin account-creation endpoint.

Modify admin.php (the Admin controller's doadd action) to embed a per-session random token as a hidden field in the add-user form and to reject any POST whose token is missing or does not match the session's token. Checking the Origin or Referer header against the site's own origin is a useful secondary control, not a replacement for the token.
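The synchronizer-token pattern described above, as an added Python example (not DamiCMS code, which is PHP, and not from the original page): a guarded stand-in for the doadd action that issues one unguessable token per session, compares it in constant time, and also rejects a foreign Origin/Referer. The SITE_ORIGIN value, the Session and Request classes and the `_csrf` field name are assumptions made for the example.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, Optional
from urllib.parse import urlsplit

# Assumed origin of the admin interface; constructed for this example.
SITE_ORIGIN = "https://cms.example.test"


@dataclass
class Session:
    """Minimal stand-in for the server-side session of a logged-in admin."""
    user: str
    csrf_token: Optional[str] = None


@dataclass
class Request:
    """Minimal stand-in for an incoming HTTP request (hypothetical shape)."""
    method: str
    form: Dict[str, str]
    headers: Dict[str, str]
    session: Session


def issue_csrf_token(session: Session) -> str:
    """Synchronizer-token pattern: one unguessable token per session, stored
    server-side and embedded as a hidden field in the add-admin form."""
    if session.csrf_token is None:
        session.csrf_token = secrets.token_urlsafe(32)
    return session.csrf_token


def origin_allowed(headers: Dict[str, str]) -> bool:
    """Secondary control: if Origin (preferred) or Referer is present it must
    name our own origin. Absence is tolerated because some clients strip
    Referer; the token check is the primary defence."""
    for name in ("Origin", "Referer"):
        value = headers.get(name)
        if value:
            parts = urlsplit(value)
            return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN
    return True


def validate_csrf(request: Request) -> bool:
    """True only if the submitted token matches the session token exactly
    (constant-time compare) and the request is not from a foreign origin."""
    expected = request.session.csrf_token
    submitted = request.form.get("_csrf")
    if not expected or not submitted:
        return False
    if not hmac.compare_digest(expected.encode(), submitted.encode()):
        return False
    return origin_allowed(request.headers)


def doadd(request: Request):
    """Guarded stand-in for the Admin/doadd action. Returns (status, message);
    a real controller would create the account only on the 200 path."""
    if request.method != "POST":
        return 405, "method not allowed"
    if not validate_csrf(request):
        return 403, "CSRF check failed: account not created"
    return 200, f"admin '{request.form.get('username')}' created"


def demo():
    """Exercise the guard with three requests against one admin session:
    the genuine form, a forged cross-site POST, and a guessed token."""
    admin = Session(user="admin")
    token = issue_csrf_token(admin)
    genuine = Request("POST", {"username": "ops", "_csrf": token},
                      {"Origin": SITE_ORIGIN}, admin)
    forged = Request("POST", {"username": "backdoor"},
                     {"Origin": "https://attacker.example"}, admin)
    guessed = Request("POST", {"username": "backdoor", "_csrf": "A" * 43},
                      {}, admin)
    return doadd(genuine), doadd(forged), doadd(guessed)


if __name__ == "__main__":
    for status, message in demo():
        print(status, message)
```

The token lives in the session, not in a cookie the attacker's page could read, and the form field is the only place the browser will send it; a cross-site page cannot obtain it because of the same-origin policy, which is exactly the property the original doadd action lacks.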

Restrict Admin Interface Access

Applies to: all

Limit access to the admin interface to specific IP addresses or networks.

Add IP-based restrictions for admin.php in the web server configuration or a web application firewall. Note that this does not defeat CSRF by itself: the forged request is sent by the administrator's own browser, so it arrives from an allowed address whenever the administrator is on the allowed network. It does shrink the exposure by blocking administrators, and their hijacked sessions, from everywhere else.

🧯 If You Can't Patch

  • Segment the network so that the admin interface is reachable only from dedicated administration hosts
  • Have administrators use a separate browser profile for the CMS and log out when finished, since the attack needs a live session; browser extensions that block cross-site requests are at best a partial stop-gap because they depend on each admin's browser rather than the server
  • Set the SameSite attribute on the admin session cookie (via PHP's session cookie settings or the web server) so the browser withholds it from cross-site POSTs

🔍 How to Verify

Check if Vulnerable:

On a test instance, log in as an administrator and capture a legitimate account-creation POST to admin.php?s=/Admin/doadd. Replay it from a page hosted on a different origin (or resend it with any anti-CSRF field removed and a foreign Origin header). If the account is created, the endpoint is vulnerable; delete the test account afterwards.

Check Version:

Check the CMS version in the admin panel or the application's configuration files; v6.0.6 is affected.

Verify Fix Applied:

Repeat the replay: account creation must fail (for example with HTTP 403 or an error page) when the token is missing, stale, or does not match the session, and succeed only through the genuine admin form.

📡 Detection & Monitoring

Log Indicators:

  • Multiple admin account creation requests from the same session or client address within a short period
  • Admin account creation from IP addresses not used by known administrators

Network Indicators:

  • POST requests to admin.php?s=/Admin/doadd whose Referer or Origin header is absent or names a foreign site
  • Cross-origin requests to admin endpoints in general

SIEM Query (field names depend on your log schema, and the query string must be logged for the s= match to work):

source="web_logs" AND uri="/admin.php" AND params="s=/Admin/doadd" AND method="POST"
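The log and network indicators above applied to a few constructed access-log lines, as an added Python example that is not part of the original page or of DamiCMS. It parses the common "combined" log format, keeps only POSTs to the doadd route, flags a missing or foreign Referer, and counts creation attempts per client address. The host name, addresses, timestamps and repeat threshold are assumptions.

```python
import re
from collections import Counter
from typing import Dict, List
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in the "combined" access-log format
# (client, timestamp, request, status, bytes, referer, user-agent).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2021:10:01:02 +0000] "POST /admin.php?s=/Admin/doadd HTTP/1.1" 200 512 "https://cms.example.test/admin.php?s=/Admin/add" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2021:10:05:40 +0000] "POST /admin.php?s=/Admin/doadd HTTP/1.1" 200 512 "https://evil.example/index.html" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2021:10:06:01 +0000] "POST /admin.php?s=/Admin/doadd HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2021:10:06:30 +0000] "GET /admin.php?s=/Admin/index HTTP/1.1" 200 2048 "https://cms.example.test/admin.php" "Mozilla/5.0"
198.51.100.9 - - [10/Mar/2021:10:07:15 +0000] "POST /admin.php?s=/Admin/doadd HTTP/1.1" 200 512 "https://cms.example.test/admin.php?s=/Admin/add" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def is_doadd(target: str) -> bool:
    """True for the ThinkPHP-style route admin.php?s=/Admin/doadd used by DamiCMS,
    compared case-insensitively and tolerating a sub-directory install."""
    parts = urlsplit(target)
    route = parse_qs(parts.query).get("s", [""])[0]
    return parts.path.endswith("/admin.php") and route.lower() == "/admin/doadd"


def analyze(lines: List[str], site_host: str, repeat_threshold: int = 2) -> Dict:
    """Flag account-creation POSTs with a missing or foreign Referer and
    client addresses that issue repeat_threshold or more such POSTs."""
    events = []
    posts_per_ip = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or not is_doadd(m["target"]):
            continue
        posts_per_ip[m["ip"]] += 1
        referer = m["referer"]
        if referer in ("", "-"):
            reason = "missing referer"
        elif (urlsplit(referer).hostname or "") != site_host.lower():
            reason = "cross-origin referer"
        else:
            continue  # same-origin creation: counted above, not flagged
        events.append({"ip": m["ip"], "time": m["ts"], "status": m["status"],
                       "referer": referer, "reason": reason})
    repeat = {ip: n for ip, n in posts_per_ip.items() if n >= repeat_threshold}
    return {"events": events,
            "doadd_posts_per_ip": dict(posts_per_ip),
            "repeat_offenders": repeat}


if __name__ == "__main__":
    report = analyze(SAMPLE_LOG.splitlines(), "cms.example.test")
    for e in report["events"]:
        print(f"{e['time']} {e['ip']} {e['reason']} ({e['referer']})")
    print("repeat offenders:", report["repeat_offenders"])
```

A missing Referer is only a weak signal on its own (privacy settings strip it), so treat it as a lead to correlate with the per-address count and with the admin's known working hours, not as proof of attack; a foreign Referer on a state-changing admin POST is much closer to conclusive.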

🔗 References
