CVE-2020-23342

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in Anchor CMS lets an attacker trick an authenticated administrator into unknowingly deleting admin user accounts. It affects Anchor CMS installations whose administrators visit an attacker-controlled page while holding an authenticated control-panel session; the victim's browser submits the deletion request with the admin's session cookie attached.

💻 Affected Systems

Products:
  • Anchor CMS
Versions: 0.12.7 and likely earlier versions
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with administrative users. Exploitation requires an active administrator session in the victim's browser.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of the CMS by deleting all administrative accounts, leading to loss of administrative control and potential site takeover.

🟠 Likely Case

Selective deletion of admin accounts causing administrative disruption and potential privilege escalation for attackers.

🟢 If Mitigated

No impact if proper CSRF protections are implemented or administrators use separate browser sessions for admin tasks.

🌐 Internet-Facing: HIGH - CMS admin panels are typically internet-facing and administrators may access from various networks.
🏢 Internal Only: MEDIUM - Lower risk if admin panel is strictly internal, but still vulnerable to internal threats or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires crafting a malicious HTML/JavaScript page that triggers admin user deletion when visited by an authenticated admin.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not specified by vendor

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Manually patch anchor/views/users/edit.php to add CSRF tokens
2. Verify all user management forms have proper CSRF protection
3. Test the fix thoroughly before deploying to production

🔧 Temporary Workarounds

Implement CSRF Protection (applies to: all)

Add CSRF tokens to user edit forms and validate them on submission.

How: Edit anchor/views/users/edit.php to include CSRF token generation and validation.

Restrict Admin Panel Access (applies to: all)

Limit admin panel access to specific IP addresses or VPN-only connections.

How: Configure the web server (Apache/Nginx) to restrict access to /admin paths.

🧯 If You Can't Patch

  • Implement strict SameSite cookie policies for admin sessions
  • Require administrators to use separate browser profiles or incognito mode for admin tasks
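The fix instructions and workarounds above (add a CSRF token to the user edit form, validate it on submission, and set a strict SameSite policy on the admin session cookie) can be combined in one PHP handler. The following is an added example, not Anchor CMS's own code or a patch to anchor/views/users/edit.php: the field names `csrf_token`, `user_id` and `action`, the self-posting form, and the commented-out `delete_user()` call are placeholders, since the page does not show Anchor's real form or model API.

```php
<?php
// Added example (not Anchor CMS code): CSRF protection for a user-management form.
// Assumptions: a PHP session is available, the form posts back to this same
// script, and the field names (csrf_token, user_id, action) are placeholders.

declare(strict_types=1);

// Workaround from "If You Can't Patch": a SameSite=Strict, Secure, HttpOnly
// session cookie is not attached by the browser to cross-site POSTs, so a
// request triggered from another origin arrives without the admin session.
// The array form of session_set_cookie_params() needs PHP 7.3 or later.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_start();

// Generate one random token per session and reuse it for every form render.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Compare the submitted token with the session token in constant time.
// A missing token, a missing session token, or a mismatch all fail closed.
function csrf_valid(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    if ($expected === '' || $submitted === null) {
        return false;
    }
    return hash_equals($expected, $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_valid($_POST['csrf_token'] ?? null)) {
        // Reject and log: these log lines are the "CSRF check failed" events a
        // SIEM rule can key on (client IP and Referer are recorded for triage).
        http_response_code(403);
        error_log(sprintf(
            'CSRF check failed on user delete; ip=%s referer=%s',
            $_SERVER['REMOTE_ADDR'] ?? '-',
            $_SERVER['HTTP_REFERER'] ?? '-'
        ));
        exit('Invalid or missing CSRF token.');
    }

    // Token is valid: perform the deletion through the application's own user
    // model. delete_user() is a placeholder; Anchor's real API is not on this page.
    $userId = (int) ($_POST['user_id'] ?? 0);
    // delete_user($userId);
    exit('User ' . $userId . ' deleted.');
}
?>
<!-- The hidden csrf_token field is what a cross-site form cannot supply. -->
<form method="post" action="">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="hidden" name="user_id" value="42">
  <button type="submit" name="action" value="delete">Delete user</button>
</form>
```

Two design points: the token is bound to the session rather than to the page, so a session cookie alone is not enough to forge the request, and the comparison uses hash_equals() so that token validation does not leak timing information. The SameSite cookie setting is defence in depth, not a replacement for the token check; the "Verify Fix Applied" step above (a deletion request without a valid token must fail) tests the token path directly.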

🔍 How to Verify

Check if Vulnerable:

Check if anchor/views/users/edit.php lacks CSRF token validation in form submissions

Check Version:

Check Anchor CMS version in admin panel or read version from anchor/constants.php

Verify Fix Applied:

Test that user deletion requests fail without valid CSRF tokens

📡 Detection & Monitoring

Log Indicators:

  • Multiple admin user deletion events from same session
  • Admin actions without proper referrer headers

Network Indicators:

  • HTTP POST requests to user deletion endpoints without CSRF tokens
  • Suspicious referrer URLs in admin panel requests

SIEM Query:

source="web_logs" AND (uri_path="/admin/users/delete" OR action="user_delete") AND NOT csrf_token=*
