CVE-2022-33121

8.1 HIGH

📋 TL;DR

This CSRF vulnerability in MiniCMS v1.11 allows attackers to trick authenticated users into clicking malicious links that delete local .dat files. Any MiniCMS v1.11 installation with authenticated users is affected, potentially leading to data loss or system disruption.

💻 Affected Systems

Products:
  • MiniCMS
Versions: v1.11
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user session; affects all installations of v1.11 regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Critical configuration or data files are deleted, causing complete CMS failure, data loss, and potential privilege escalation if system files are affected.

🟠 Likely Case

CMS data files are deleted, causing content loss, broken functionality, and requiring restoration from backups.

🟢 If Mitigated

No impact if proper CSRF protections are implemented or if the system is patched.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an authenticated user to click a malicious link; it is trivial to weaponize as a simple HTML page.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.12 or later

Vendor Advisory: https://github.com/bg5sbk/MiniCMS/issues/45

Restart Required: No

Instructions:

1. Download the latest MiniCMS version from the official repository.
2. Back up the current installation.
3. Replace the vulnerable files with the patched version.
4. Verify that CSRF tokens are now properly implemented.

🔧 Temporary Workarounds

Implement CSRF Protection

Platform: all

Add CSRF tokens to all state-changing requests manually.
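The following is an added example of the synchronizer-token pattern described above; it is not MiniCMS code and not from the advisory. It assumes PHP sessions are available and that the delete action is invoked via POST; the function names and the form/handler file names are hypothetical.

```php
<?php
// Added example (not MiniCMS code): synchronizer-token CSRF protection
// for a state-changing handler such as a file-delete action.
// Assumes PHP sessions are available; function names are hypothetical.

session_start();

// Return the per-session CSRF token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Emit a hidden field for inclusion in every state-changing form.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Validate the submitted token; hash_equals() avoids timing leaks.
function csrf_valid(array $post): bool
{
    if (empty($_SESSION['csrf_token']) || empty($post['csrf_token'])) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], (string) $post['csrf_token']);
}

// Guard for the delete handler: reject anything that is not a POST with a
// valid token. A plain link click (GET) can never pass this check, and a
// cross-site form post has no way to learn the session's token.
function require_csrf_post(): void
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !csrf_valid($_POST)) {
        http_response_code(403);
        exit('Forbidden: missing or invalid CSRF token');
    }
}

// Usage in the hypothetical delete handler (delete.php):
//   require_csrf_post();
//   // ... perform the deletion only after the guard passes ...
//
// Usage in the form that triggers it:
//   echo '<form method="post" action="delete.php">' . csrf_field()
//      . '<button>Delete</button></form>';
```

The token must be included in every form or AJAX call that changes state, and the handler must refuse GET requests entirely, since the advisory's attack is a link click. Setting the session cookie with `SameSite=Lax` (or `Strict`) is a complementary defence, but the token check is what closes the hole on browsers that do not honour SameSite.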

Restrict File Deletion Permissions

Platform: linux

Set .dat files to read-only for the web server user:

```shell
# Make the data files read-only and owned by root so the web server
# process cannot delete or overwrite them. Note that this also prevents
# the CMS itself from writing these files, so content edits will fail
# until the permissions are restored.
chmod 444 *.dat
chown root:root *.dat
```

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block CSRF attempts
  • Educate users about phishing risks and implement strict access controls

🔍 How to Verify

Check if Vulnerable:

Check MiniCMS version in admin panel or by examining source files for version 1.11

Check Version:

grep -r 'version' *.php (or check the admin dashboard)

Verify Fix Applied:

Verify version is 1.12+ and test that state-changing requests require CSRF tokens

📡 Detection & Monitoring

Log Indicators:

  • Multiple .dat file deletion attempts
  • Unauthorized file deletion requests from authenticated sessions

Network Indicators:

  • POST requests to delete endpoints without CSRF tokens
  • Suspicious referrer headers

SIEM Query:

source="web_logs" AND (uri="/delete" OR uri="/remove") AND method="POST" AND NOT csrf_token=*
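The SIEM query above assumes the CSRF token is a logged field. Ordinary web server access logs do not record POST bodies, so the signal that is actually visible there is a state-changing request to a delete endpoint whose Referer (or Origin) is absent or belongs to another host. The following is an added example, not part of the advisory, that applies that check to a few constructed combined-format log lines; the site hostname, the endpoint paths and the log lines are all made up for illustration.

```php
<?php
// Added example (not from the advisory): flag requests to delete endpoints
// whose Referer is missing or points at a host other than the CMS itself.
// The log lines, hostname and paths below are constructed for illustration.

const SITE_HOST = 'cms.example.internal'; // assumed hostname of the CMS

const SAMPLE_LOG = <<<'LOG'
10.0.0.5 - admin [12/Jun/2022:10:01:02 +0000] "POST /admin/delete.php?id=3 HTTP/1.1" 302 0 "https://cms.example.internal/admin/list.php" "Mozilla/5.0"
10.0.0.5 - admin [12/Jun/2022:10:03:10 +0000] "POST /admin/delete.php?id=3 HTTP/1.1" 302 0 "http://lure.example/page.html" "Mozilla/5.0"
10.0.0.5 - admin [12/Jun/2022:10:04:00 +0000] "GET /admin/delete.php?id=4 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.7 - - [12/Jun/2022:10:05:30 +0000] "GET /index.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
LOG;

// Return one finding per request to a delete endpoint that is not
// accompanied by a same-site Referer.
function suspicious_deletes(string $log, string $siteHost): array
{
    // Combined log format with Referer and User-Agent fields.
    $pattern = '/^(\S+) \S+ (\S+) \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';
    $findings = [];

    foreach (preg_split('/\R/', trim($log)) as $n => $line) {
        if (!preg_match($pattern, $line, $m)) {
            continue; // skip lines that do not parse
        }
        $ip = $m[1]; $user = $m[2]; $method = $m[4]; $path = $m[5]; $referer = $m[7];

        if (stripos($path, 'delete') === false) {
            continue; // not a delete endpoint
        }

        $host = ($referer === '-') ? false : parse_url($referer, PHP_URL_HOST);
        $refHost = is_string($host) ? strtolower($host) : null;
        if ($refHost === strtolower($siteHost)) {
            continue; // same-site navigation, the expected case
        }

        $why = ($refHost === null) ? 'no referer' : "cross-site referer $referer";
        $findings[] = sprintf('line %d: %s %s by %s from %s (%s)',
            $n + 1, $method, $path, $user, $ip, $why);
    }
    return $findings;
}

foreach (suspicious_deletes(SAMPLE_LOG, SITE_HOST) as $finding) {
    echo $finding, PHP_EOL;
}
// Lines 2 and 3 of the sample are reported; lines 1 and 4 are not.
```

A missing Referer is flagged as well as a foreign one, because a lure page can suppress the header with a referrer policy; treat the missing case as lower confidence, since privacy extensions strip it too. GET requests to the delete endpoint are reported regardless, since after the fix that handler should only ever be reached by POST.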
