CVE-2023-52072

8.8 HIGH

📋 TL;DR

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the /system/site/userconfig_updagte component. This allows attackers to trick authenticated administrators into performing unauthorized configuration changes. All users running FlyCms v1.0 are affected.

💻 Affected Systems

Products:
  • FlyCms
Versions: v1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects FlyCms v1.0 with the vulnerable component accessible. Requires administrator authentication for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could modify site configuration, change administrator credentials, inject malicious code, or compromise the entire CMS installation.

🟠 Likely Case

Attackers modify site settings, change user permissions, or inject malicious content that affects visitors.

🟢 If Mitigated

With proper CSRF protections, the vulnerability is neutralized and no unauthorized actions can be performed.

🌐 Internet-Facing: HIGH - Web applications are inherently internet-facing and CSRF attacks can be launched remotely.
🏢 Internal Only: MEDIUM - Internal users could still be targeted via phishing or compromised internal sites.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well-understood and easy to implement. Requires the victim to be authenticated as an administrator.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing CSRF protections manually.

🔧 Temporary Workarounds

Implement CSRF Tokens

Applies to: all

  • Add CSRF token validation to the /system/site/userconfig_updagte endpoint
  • Modify PHP code to include and validate CSRF tokens for POST requests

Restrict Access

Applies to: all

  • Limit access to the vulnerable endpoint using IP whitelisting or additional authentication
  • Configure web server (Apache/Nginx) to restrict access to /system/site/userconfig_updagte

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF attempts
  • Require re-authentication for sensitive configuration changes

🔍 How to Verify

Check if Vulnerable:

Check if FlyCms version is 1.0 and the /system/site/userconfig_updagte endpoint exists without CSRF protection

Check Version:

Check FlyCms configuration files or admin panel for version information

Verify Fix Applied:

Test that POST requests to /system/site/userconfig_updagte require valid CSRF tokens

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /system/site/userconfig_updagte from different sessions
  • Configuration changes without corresponding admin login events

Network Indicators:

  • HTTP requests to /system/site/userconfig_updagte with Referer headers from external domains

SIEM Query:

source="web_logs" AND uri="/system/site/userconfig_updagte" AND method="POST" AND NOT referer CONTAINS "yourdomain.com"
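The log indicators and SIEM query above, implemented as an added example (not part of the original advisory) in Python over constructed Apache/Nginx combined-format log lines; the trusted host cms.example.com and the sample entries are assumptions. It compares the Referer hostname exactly instead of by substring, and reports a missing Referer as its own verdict, since browsers may strip the header under a restrictive Referrer-Policy.

```python
import re
from urllib.parse import urlparse
# Assumptions for this example: the FlyCms instance is served from this host,
# and the logs are in Apache/Nginx "combined" format.
TRUSTED_HOST = "cms.example.com"
TARGET_URI = "/system/site/userconfig_updagte"
# client ident user [timestamp] "METHOD URI PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def classify_referer(referer: str) -> str:
    """Return 'trusted', 'external' or 'missing' for a Referer header value."""
    if referer in ("", "-"):
        return "missing"  # stripped by Referrer-Policy, a non-browser client, or unknown origin
    host = (urlparse(referer).hostname or "").lower()
    # Exact host (or subdomain) match, not a CONTAINS test, so a lookalike host fails.
    if host == TRUSTED_HOST or host.endswith("." + TRUSTED_HOST):
        return "trusted"
    return "external"

def find_suspicious(lines):
    """Return POSTs to the vulnerable endpoint whose Referer is external or absent."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # tolerate malformed lines instead of aborting the sweep
        if m["method"] != "POST" or m["uri"].split("?", 1)[0] != TARGET_URI:
            continue
        verdict = classify_referer(m["referer"])
        if verdict != "trusted":
            hits.append({"ip": m["ip"], "ts": m["ts"], "status": m["status"],
                         "referer": m["referer"], "verdict": verdict})
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOGS = [
    '198.51.100.7 - - [10/Jan/2024:10:01:22 +0000] "POST /system/site/userconfig_updagte HTTP/1.1" 200 512 "https://cms.example.com/system/site/userconfig" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jan/2024:10:04:09 +0000] "POST /system/site/userconfig_updagte HTTP/1.1" 200 512 "https://cms.example.com.attacker.example/page.html" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jan/2024:10:05:41 +0000] "POST /system/site/userconfig_updagte HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2024:10:06:00 +0000] "GET /system/site/userconfig_updagte HTTP/1.1" 405 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOGS):
        print(f'{hit["ts"]} {hit["ip"]} referer={hit["referer"]!r} -> {hit["verdict"]}')
```

Treat a "missing" verdict as lower confidence than "external": legitimate admin traffic behind a strict Referrer-Policy will also land there, so correlate it with the admin login events listed above before escalating.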
