CVE-2024-11142

8.8 HIGH

📋 TL;DR

A Cross-Site Request Forgery (CSRF) vulnerability in Gosoft Software Proticaret E-Commerce allows attackers to trick authenticated users into performing unintended actions. This affects Proticaret E-Commerce versions before v6.0, potentially compromising administrative functions and user data.

💻 Affected Systems

Products:
  • Gosoft Software Proticaret E-Commerce
Versions: All versions before v6.0 (including v4.05, for which the vendor states a fix is still in progress)
Operating Systems: Any OS running Proticaret
Default Config Vulnerable: ⚠️ Yes
Notes: All installations with web interface accessible are vulnerable; no special configuration required

⚠️ Risk & Real-World Impact

🔴 Worst Case: Administrator account takeover leading to complete system compromise, data theft, or malicious code injection

🟠 Likely Case: Unauthorized changes to user accounts, orders, or product data through authenticated user sessions

🟢 If Mitigated: Limited impact with proper CSRF protections and user awareness

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks require the victim to be logged in and to interact with attacker-controlled content, but once a state-changing endpoint lacking token or SameSite protection is known, a forged request is straightforward to construct.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v6.0 (but vendor indicates v4.05 fix still in progress)

Vendor Advisory: https://www.usom.gov.tr/bildirim/tr-25-0098

Restart Required: Yes

Instructions:

1. Upgrade to Proticaret v6.0 or later when available for your version.
2. For v4.05, wait for the vendor patch.
3. Apply the patch and restart the web server.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all affected versions)

Add anti-CSRF tokens to all state-changing forms and endpoints.

SameSite Cookie Attribute (applies to: all affected versions)

Set the SameSite=Strict or SameSite=Lax attribute on session cookies, for example:

Set-Cookie: session=value; SameSite=Strict; Secure; HttpOnly
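The two workarounds above combined into one runnable example. This is added illustration code, not Proticaret's own code or a vendor patch: it mints a session-bound synchronizer token (nonce plus HMAC over session id and nonce, so no server-side token store is needed), verifies it in constant time on a hypothetical state-changing endpoint, and renders the recommended Set-Cookie header with the standard library. The secret, the session id and the request dictionaries are constructed for the example.

```python
import hashlib
import hmac
import secrets
from http.cookies import SimpleCookie
from typing import Optional, Tuple

# Hypothetical server-side secret used to bind tokens to a session. A real
# deployment loads it from configuration and rotates it; the random value here
# only keeps the example self-contained.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Mint a synchronizer token bound to the caller's session.

    Format: <nonce>.<hex HMAC-SHA256(secret, "session_id:nonce")>. It can be
    verified without storing anything server-side and is useless for any
    other session, because the session id is part of the MAC input.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: Optional[str]) -> bool:
    """Recompute the MAC for the presented nonce and compare in constant time."""
    if not token or "." not in token:
        return False
    nonce, presented_mac = token.split(".", 1)
    expected_mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected_mac, presented_mac)


def session_cookie_header(session_id: str) -> str:
    """Render the Set-Cookie value recommended above: SameSite=Strict; Secure; HttpOnly."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["samesite"] = "Strict"
    cookie["session"]["secure"] = True
    cookie["session"]["httponly"] = True
    return cookie["session"].OutputString()


def handle_state_change(request: dict) -> Tuple[int, str]:
    """Gate a hypothetical state-changing endpoint on session cookie + CSRF token.

    `request` is a minimal constructed stand-in for an HTTP request:
    {"cookies": {...}, "form": {...}}.
    """
    session_id = request.get("cookies", {}).get("session")
    if not session_id:
        return 401, "no session cookie"
    token = request.get("form", {}).get("csrf_token")
    if not verify_csrf_token(session_id, token):
        return 403, "CSRF token missing or invalid"
    return 200, "state change accepted"


if __name__ == "__main__":
    sid = "sess-" + secrets.token_hex(8)
    print("Set-Cookie:", session_cookie_header(sid))
    token = issue_csrf_token(sid)
    # Legitimate submission: the page rendered for this session carried the token.
    print(handle_state_change({"cookies": {"session": sid}, "form": {"csrf_token": token}}))
    # Cross-site submission: the browser attaches the cookie, but a third-party
    # page cannot read the token, so the form arrives without it and is refused.
    print(handle_state_change({"cookies": {"session": sid}, "form": {}}))
```

The token check is what actually closes the hole; the SameSite attribute is defence in depth, because older browsers ignore it and Lax still permits top-level GET navigations to carry the cookie. Both should be applied to every endpoint that changes state, including administrative ones.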

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect CSRF patterns
  • Require re-authentication for sensitive administrative actions

🔍 How to Verify

Check if Vulnerable:

Check if forms lack CSRF tokens or if SameSite cookie attributes are missing

Check Version:

Check Proticaret admin panel or configuration files for version number

Verify Fix Applied:

Verify forms include unique CSRF tokens and cookies have SameSite attributes

📡 Detection & Monitoring

Log Indicators:

  • Multiple state-changing requests from same user without corresponding form submissions
  • Unusual administrative actions from unexpected IPs

Network Indicators:

  • HTTP POST requests whose Referer (or Origin) header is absent or names a host other than the site's own origin
  • Requests with unexpected Content-Type for form submissions

SIEM Query:

web_requests method=POST AND NOT referer CONTAINS origin_domain AND user_agent NOT CONTAINS 'bot'
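The network indicator and SIEM query above expressed as a small log-review script. This is an added example, not tooling from the vendor or the advisory: it parses web-server access logs in the common "combined" format, keeps POST requests from non-bot user agents, and flags those whose Referer is missing or points at a host other than the configured origin domain, which is the same condition the query expresses. The log lines are constructed for the example and are not real Proticaret output.

```python
import re
from typing import Dict, Iterable, List
from urllib.parse import urlparse

# Constructed sample lines in Apache/nginx "combined" log format.
SAMPLE_LOG_LINES = [
    '203.0.113.5 - admin [15/Jan/2025:10:01:22 +0300] "POST /admin/users/update HTTP/1.1" 200 512 "https://shop.example/admin/users" "Mozilla/5.0"',
    '203.0.113.5 - admin [15/Jan/2025:10:02:47 +0300] "POST /admin/users/update HTTP/1.1" 200 512 "https://lure.example/offer.html" "Mozilla/5.0"',
    '198.51.100.9 - - [15/Jan/2025:10:03:01 +0300] "GET /product/42 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - user1 [15/Jan/2025:10:04:15 +0300] "POST /cart/add HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '192.0.2.3 - - [15/Jan/2025:10:05:00 +0300] "POST /cart/add HTTP/1.1" 302 0 "-" "Googlebot/2.1"',
]

# Combined log format: ip ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def referer_matches_origin(referer: str, origin_domain: str) -> bool:
    """True only if the Referer URL's host is exactly the site's own domain."""
    if not referer or referer == "-":
        return False
    host = urlparse(referer).hostname
    return host is not None and host.lower() == origin_domain.lower()


def find_suspect_posts(lines: Iterable[str], origin_domain: str) -> List[Dict[str, str]]:
    """Return POST requests whose Referer is missing or cross-origin, skipping bot user agents."""
    hits: List[Dict[str, str]] = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # unparseable line; a production job would count these
        f = match.groupdict()
        if f["method"] != "POST" or "bot" in f["ua"].lower():
            continue
        if f["referer"] in ("", "-"):
            reason = "missing-referer"
        elif not referer_matches_origin(f["referer"], origin_domain):
            reason = "cross-origin-referer"
        else:
            continue
        hits.append({
            "ip": f["ip"], "user": f["user"], "path": f["path"],
            "referer": f["referer"], "reason": reason,
        })
    return hits


if __name__ == "__main__":
    for hit in find_suspect_posts(SAMPLE_LOG_LINES, "shop.example"):
        print(f"{hit['reason']:<22} user={hit['user']:<6} ip={hit['ip']:<12} {hit['path']} referer={hit['referer']}")
```

Treat "missing-referer" as a lower-confidence signal: browsers omit the header under a strict Referrer-Policy or privacy extensions, so a missing Referer on its own produces false positives, whereas a POST to an administrative path with a Referer on a foreign host is worth an immediate look. If the server logs the Origin header it is the better field to check, since browsers always send it on cross-site POSTs, but it is not part of the combined format parsed here.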
