CVE-2020-19951

8.8 HIGH

📋 TL;DR

This cross-site request forgery (CSRF) vulnerability in YzmCMS v5.5 lets an attacker trick an authenticated user's browser into submitting requests the user never intended. Through such forged requests an attacker could modify payment settings or reach sensitive administrative functions. All installations of YzmCMS v5.5 are affected.

💻 Affected Systems

Products:
  • YzmCMS
Versions: v5.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: The vulnerability is in the payment controller component and affects all installations of YzmCMS v5.5.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could modify payment configurations, redirect funds, or gain administrative access to the CMS, potentially leading to financial loss or complete system compromise.

🟠 Likely Case

Attackers could modify payment settings or perform unauthorized administrative actions through tricked authenticated users.

🟢 If Mitigated

With proper CSRF protections, the vulnerability would be blocked, preventing unauthorized actions even if malicious requests are sent.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking an authenticated user into visiting a malicious page or clicking a malicious link.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v5.6 or later

Vendor Advisory: https://github.com/yzmcms/yzmcms/issues/43

Restart Required: No

Instructions:

1. Upgrade YzmCMS to version 5.6 or later.
2. Replace the affected /controller/pay.class.php file with the patched version.
3. Verify CSRF tokens are properly implemented in payment forms.

🔧 Temporary Workarounds

Implement CSRF Protection

Add CSRF tokens to all payment-related forms and validate them server-side.

Edit /controller/pay.class.php to include CSRF token validation

Restrict Payment Controller Access

Implement additional authentication checks or IP restrictions for payment-related endpoints.

Add authentication middleware to payment controller routes

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF attacks
  • Educate users about phishing risks and implement strict access controls for payment functions

🔍 How to Verify

Check if Vulnerable:

Check if running YzmCMS v5.5 and examine /controller/pay.class.php for missing CSRF token validation.

Check Version:

Check YzmCMS configuration files or admin panel for version information

Verify Fix Applied:

Verify the YzmCMS version is 5.6 or later and test payment forms for proper CSRF token implementation.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed payment requests from the same IP
  • Unusual payment configuration changes

Network Indicators:

  • Requests to payment endpoints without a proper Referer header
  • Suspicious cross-origin requests

SIEM Query:

source="web_logs" AND (uri="/controller/pay.class.php" AND NOT csrf_token_valid="true")
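The two network indicators above, run over constructed sample log lines in an added Python example (not part of this advisory and not YzmCMS code): it flags state-changing requests to the affected endpoint whose Origin or Referer header is missing or belongs to another site. The JSON log shape, the IP addresses and the site origin https://shop.example are assumptions.

```python
import json
from urllib.parse import urlsplit

# Constructed sample log lines (JSON, one request per line). Not real YzmCMS logs.
SAMPLE_LOG = """
{"method":"GET","uri":"/index.php","referer":"https://shop.example/","origin":null,"src":"203.0.113.5"}
{"method":"POST","uri":"/controller/pay.class.php","referer":"https://shop.example/admin/pay","origin":"https://shop.example","src":"203.0.113.5"}
{"method":"POST","uri":"/controller/pay.class.php","referer":"https://evil.example/lure.html","origin":"https://evil.example","src":"198.51.100.7"}
{"method":"POST","uri":"/controller/pay.class.php","referer":null,"origin":null,"src":"198.51.100.7"}
{"method":"POST","uri":"/controller/pay.class.php?act=setting","referer":"https://shop.example/admin/pay","origin":null,"src":"203.0.113.9"}
""".strip()

PAY_PATH = "/controller/pay.class.php"  # affected endpoint named in the advisory

def _origin_of(url):
    """Reduce a URL to scheme://host, or None when the header was absent."""
    if not url:
        return None
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}" if p.scheme and p.netloc else None

def classify(entry, site_origin):
    """Reason string for a state-changing request to the payment endpoint that
    did not originate from our own site, else None."""
    if entry.get("method", "GET").upper() not in ("POST", "PUT", "DELETE"):
        return None
    if urlsplit(entry.get("uri", "")).path != PAY_PATH:
        return None
    # Browsers send Origin on cross-site POSTs; fall back to Referer otherwise.
    src = _origin_of(entry.get("origin")) or _origin_of(entry.get("referer"))
    if src is None:
        return "missing Origin/Referer"
    if src != site_origin:
        return f"cross-origin from {src}"
    return None

def flag_csrf_suspects(log_text, site_origin):
    """Return (src_ip, uri, reason) for every suspicious request in the log."""
    hits = []
    for line in log_text.splitlines():
        if line.strip():
            entry = json.loads(line)
            reason = classify(entry, site_origin)
            if reason:
                hits.append((entry.get("src"), entry.get("uri"), reason))
    return hits

if __name__ == "__main__":
    print(flag_csrf_suspects(SAMPLE_LOG, "https://shop.example"))
```

A missing Referer on its own is a weak signal, since referrer policies and privacy tooling strip it, so treat hits as leads to correlate with unexpected payment configuration changes rather than as proof of an attack.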
