CVE-2023-52074

8.8 HIGH

📋 TL;DR

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the web configuration update component. An attacker can trick an authenticated administrator's browser into submitting unauthorized configuration changes on their behalf. Only FlyCms v1.0 installations with administrative access are affected.

💻 Affected Systems

Products:
  • FlyCms
Versions: v1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative access to exploit. All default installations of FlyCms v1.0 are vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete site takeover through configuration changes leading to arbitrary code execution, data theft, or site defacement.

🟠 Likely Case: Unauthorized configuration changes leading to site disruption, SEO poisoning, or injection of malicious content.

🟢 If Mitigated: Limited impact with proper CSRF protections and admin session management.

🌐 Internet-Facing: HIGH - Web applications are inherently internet-facing and CSRF exploits can be delivered via malicious websites or emails.
🏢 Internal Only: MEDIUM - Internal users could still be targeted via phishing or compromised internal sites.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well-understood and easy to implement. The vulnerability is in a critical configuration update endpoint.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing CSRF protections manually.

🔧 Temporary Workarounds

  • Implement CSRF Tokens (Platforms: all)
    Add CSRF token validation to the system/site/webconfig_update endpoint: modify the webconfig_update handler to require and validate a CSRF token on every request.

  • SameSite Cookie Attribute (Platforms: all)
    Set SameSite=Strict or Lax on session cookies, for example:
    Set-Cookie: session=value; SameSite=Strict; Secure; HttpOnly

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect CSRF attempts
  • Restrict admin access to specific IP addresses or VPN-only access

🔍 How to Verify

Check if Vulnerable:

Check if FlyCms version is 1.0 and if system/site/webconfig_update endpoint lacks CSRF protection

Check Version:

Check FlyCms configuration files or admin panel for version information

Verify Fix Applied:

Test if webconfig_update endpoint now requires and validates CSRF tokens

📡 Detection & Monitoring

Log Indicators:

  • Multiple configuration change requests from same admin session in short time
  • Configuration changes without corresponding admin page visits

Network Indicators:

  • POST requests to system/site/webconfig_update with a missing or off-site Referer header
  • Requests to that endpoint with an unexpected Origin header

SIEM Query:

source="web_logs" AND uri="/system/site/webconfig_update" AND NOT referer="*admin*"
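The log and network indicators above, applied to a handful of constructed access-log lines, as an added example that is not part of the original advisory: it flags POSTs to the webconfig_update endpoint whose Origin or Referer is not the trusted site, and POSTs from a session that never loaded the configuration form. The log format (combined format with the Origin header appended as a final quoted field), the form path /system/site/webconfig and the trusted origin https://cms.example are assumptions.

```python
import re

# Constructed sample access-log lines (combined format + Origin as last quoted field).
# Hosts, users and timestamps are invented for this example.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Jan/2024:10:01:02 +0000] "GET /system/site/webconfig HTTP/1.1" 200 512 "https://cms.example/system/admin" "Mozilla/5.0" "-"
10.0.0.5 - admin [12/Jan/2024:10:01:09 +0000] "POST /system/site/webconfig_update HTTP/1.1" 200 88 "https://cms.example/system/site/webconfig" "Mozilla/5.0" "https://cms.example"
10.0.0.5 - admin [12/Jan/2024:10:04:31 +0000] "POST /system/site/webconfig_update HTTP/1.1" 200 88 "https://evil.example/page.html" "Mozilla/5.0" "https://evil.example"
10.0.0.5 - admin [12/Jan/2024:10:04:32 +0000] "POST /system/site/webconfig_update HTTP/1.1" 200 88 "-" "Mozilla/5.0" "null"
10.0.0.9 - admin [12/Jan/2024:10:07:10 +0000] "POST /system/site/webconfig_update HTTP/1.1" 200 88 "https://cms.example/system/site/webconfig" "Mozilla/5.0" "https://cms.example"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d+) \S+ "(?P<referer>[^"]*)" "[^"]*" "(?P<origin>[^"]*)"$'
)

UPDATE_PATH = "/system/site/webconfig_update"   # vulnerable endpoint named in the advisory
FORM_PATH = "/system/site/webconfig"            # assumed admin page that hosts the form
TRUSTED_ORIGIN = "https://cms.example"          # assumed site origin


def suspicious_webconfig_updates(log_text, trusted_origin=TRUSTED_ORIGIN):
    """Return [(line_no, [reasons])] for config-update POSTs that look forged."""
    findings = []
    visited_form = set()  # (ip, user) pairs that loaded the config form first
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        key = (m["ip"], m["user"])
        if m["method"] == "GET" and m["path"] == FORM_PATH:
            visited_form.add(key)
            continue
        if m["method"] != "POST" or m["path"] != UPDATE_PATH:
            continue
        reasons = []
        origin, ref = m["origin"], m["referer"]
        if origin != "-" and origin != trusted_origin:      # Origin present but not ours
            reasons.append(f"unexpected Origin {origin}")
        if ref == "-" or not ref.startswith(trusted_origin + "/"):
            reasons.append(f"missing or off-site Referer {ref}")
        if key not in visited_form:                          # no admin page visit beforehand
            reasons.append("no prior visit to the config form from this session")
        if reasons:
            findings.append((n, reasons))
    return findings


if __name__ == "__main__":
    for line_no, reasons in suspicious_webconfig_updates(SAMPLE_LOG):
        print(f"line {line_no}: " + "; ".join(reasons))
```

A legitimate update (line 2) is silent; the cross-site submissions (lines 3 and 4) and the update from a session that never opened the form (line 5) are reported.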
