CVE-2023-42321

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in iCMS v7.0.16 allows an attacker to trick an authenticated administrator into executing arbitrary code through forged requests to the admin control panel files. It affects all iCMS installations running version 7.0.16 with admin access enabled. An attacker can compromise the entire system if an administrator visits a malicious page while logged in.

💻 Affected Systems

Products:
  • icmsdev iCMS
Versions: 7.0.16
Operating Systems: All platforms running iCMS
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin access to be enabled and admin to be logged in

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with remote code execution leading to data theft, defacement, or ransomware deployment
🟠 Likely Case: Unauthorized administrative actions, privilege escalation, or backdoor installation
🟢 If Mitigated: No impact if proper CSRF protections are implemented or admin sessions are properly secured

🌐 Internet-Facing: HIGH - Admin panels are often internet-facing and attackers can craft malicious pages
🏢 Internal Only: MEDIUM - Internal users could still exploit if they can trick admins

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick the admin into visiting a malicious page

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.0.17 or later

Vendor Advisory: https://www.icmsdev.com/

Restart Required: No

Instructions:

1. Download the latest version from icmsdev.com
2. Back up the current installation
3. Replace vulnerable files with patched versions
4. Verify that CSRF tokens are implemented

🔧 Temporary Workarounds

Implement CSRF Protection (applies to: all)

Add CSRF tokens to admin forms and validate them server-side.

Add CSRF token generation and validation to user.admincp.php, members.admincp.php, and group.admincp.php.
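The workaround above, as an added example that is not iCMS code: a synchronizer-token helper that an admin controller such as user.admincp.php could include at the top of its POST handling. The function names (csrf_token, csrf_field, csrf_verify), the session key and the form field name are assumptions of this example.

```php
<?php
// Added example, not part of iCMS: session-bound CSRF token generation and
// validation. Names below (csrf_token, csrf_field, csrf_verify, the session
// key and the form field) are assumptions, not existing iCMS identifiers.
declare(strict_types=1);

const CSRF_SESSION_KEY = '_csrf_token';
const CSRF_FIELD       = 'csrf_token';

// Return the per-session token, generating it on first use.
function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        // SameSite/HttpOnly/Secure cookie flags are defence in depth; the
        // token check below is the primary control.
        session_set_cookie_params([
            'httponly' => true, 'secure' => true, 'samesite' => 'Strict',
        ]);
        session_start();
    }
    if (empty($_SESSION[CSRF_SESSION_KEY])) {
        $_SESSION[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_SESSION_KEY];
}

// Hidden field to embed in every state-changing admin form.
function csrf_field(): string
{
    return '<input type="hidden" name="' . CSRF_FIELD . '" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Verify the submitted token; hash_equals() is a constant-time comparison.
function csrf_verify(array $post): bool
{
    $submitted = $post[CSRF_FIELD] ?? '';
    return is_string($submitted) && $submitted !== ''
        && hash_equals(csrf_token(), $submitted);
}

// Reject forged requests before any administrative action runs.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && !csrf_verify($_POST)) {
    http_response_code(403);
    error_log('CSRF token missing or invalid for ' . ($_SERVER['REQUEST_URI'] ?? ''));
    exit('Request rejected: invalid CSRF token');
}
```

Every form that reaches these handlers must echo csrf_field() inside it; the error_log line also produces the "admin action without CSRF token" indicator listed under Detection & Monitoring.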

Restrict Admin Access (applies to: all)

Limit admin panel access to specific IPs or a VPN.

Add IP whitelisting to .htaccess or the web server config for admin directories.

🧯 If You Can't Patch

  • Implement strict SameSite cookie policies and require re-authentication for sensitive actions
  • Use browser extensions that block CSRF attempts and monitor admin panel access logs

🔍 How to Verify

Check if Vulnerable:

Check whether the installation is running iCMS version 7.0.16 and examine the admin files for CSRF token validation

Check Version:

Check iCMS version in admin panel or config files

Verify Fix Applied:

Test that admin forms require CSRF tokens and validate them properly

📡 Detection & Monitoring

Log Indicators:

  • Multiple admin actions from same session without CSRF tokens
  • Admin actions from unexpected referrers

Network Indicators:

  • HTTP POST requests to admin files without CSRF tokens
  • Requests with suspicious referrer headers

SIEM Query:

source="web_logs" AND (uri="/user.admincp.php" OR uri="/members.admincp.php" OR uri="/group.admincp.php") AND csrf_token=""
