CVE-2024-12666

4.7 MEDIUM

📋 TL;DR

This vulnerability in ClassCMS allows attackers to perform vertical privilege escalation through improper privilege handling in the user management component. Attackers can exploit this remotely to gain administrative privileges. All ClassCMS installations up to version 4.8 are affected.

💻 Affected Systems

Products:
  • ClassCMS
Versions: up to 4.8
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the /admin?do=admin:user:editPost endpoint in the user management component.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers gain full administrative control over the CMS, allowing them to modify content, install malicious plugins, access sensitive data, and potentially compromise the underlying server.

🟠

Likely Case

Attackers gain administrative access to the CMS backend, enabling content manipulation, user account compromise, and potential data exfiltration.

🟢

If Mitigated

Attack is prevented through proper access controls, network segmentation, and monitoring, limiting impact to attempted privilege escalation.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires some level of access to the admin interface, but the detailed public disclosure increases the weaponization risk.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Monitor ClassCMS official channels for security updates.
2. Upgrade to version 4.9 or higher when available.
3. Apply any security patches immediately upon release.

🔧 Temporary Workarounds

Restrict Admin Access

all

Limit access to the /admin endpoint to trusted IP addresses only

# Apache 2.4 (vhost config; Location matching ignores the query string, so /admin?do=... is covered):
<Location "/admin"> Require ip 192.168.1.0/24 </Location>
# Nginx (inside the location block that serves /admin):
allow 192.168.1.0/24; deny all;

Disable Vulnerable Endpoint

all

Block access to the specific vulnerable endpoint

# Apache (RewriteRule never sees "?", so test the raw query string with RewriteCond; needs RewriteEngine On; keep the IP restriction above as the primary control):
RewriteCond %{QUERY_STRING} (^|&)do=admin:user:editPost(&|$)
RewriteRule ^/?admin/?$ - [F]
# Nginx (location matching ignores the query string; add this inside the /admin location): if ($arg_do = "admin:user:editPost") { return 403; }

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate ClassCMS instances from critical systems
  • Enable detailed logging and monitoring for privilege escalation attempts on admin endpoints

🔍 How to Verify

Check if Vulnerable:

Check ClassCMS version in admin panel or configuration files. If version is 4.8 or lower, system is vulnerable.

Check Version:

Check ClassCMS configuration files or admin panel for version information

Verify Fix Applied:

After applying workarounds, test if /admin?do=admin:user:editPost endpoint is properly restricted or blocked.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed privilege escalation attempts
  • Unauthorized access to /admin?do=admin:user:editPost
  • Unusual user privilege changes

Network Indicators:

  • Unusual traffic patterns to admin endpoints
  • Requests to /admin?do=admin:user:editPost from unexpected sources

SIEM Query:

source="web_server" AND (uri="/admin*do=admin:user:editPost*" OR message="*privilege escalation*")
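As an added example (not part of this advisory and not ClassCMS code), the log indicators above turned into a small scanner over web-server access logs: it parses combined-format lines, percent-decodes the request target so encoded spellings of the do parameter are not missed, and reports every request for the admin:user:editPost action that does not come from the trusted admin range. The log format, the trusted range 192.168.1.0/24 and the sample lines are all assumptions constructed for the example.

```python
# Added example: flag requests for the vulnerable ClassCMS user-management action
# in combined-format access logs. Trusted range and log format are assumptions.
import ipaddress
import re
from urllib.parse import parse_qs, unquote, urlsplit

TRUSTED_ADMIN_NET = ipaddress.ip_network("192.168.1.0/24")  # assumed trusted range
VULN_ACTION = "admin:user:editPost"                          # action named in the advisory

# Apache/nginx "combined" format: ip - user [time] "METHOD target HTTP/x" status size "ref" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def targets_vuln_action(target):
    """True if the request target is /admin with do=admin:user:editPost.

    The path is percent-decoded and parse_qs decodes the query values, so
    do=admin%3Auser%3AeditPost is recognised as the same action.
    """
    parts = urlsplit(target)
    if unquote(parts.path).rstrip("/") != "/admin":
        return False
    qs = parse_qs(parts.query, keep_blank_values=True)
    return VULN_ACTION in qs.get("do", [])


def find_suspicious(lines, trusted_net=TRUSTED_ADMIN_NET):
    """Return (ip, method, status) for each hit on the action from outside trusted_net."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or not targets_vuln_action(rec["target"]):
            continue
        try:
            src = ipaddress.ip_address(rec["ip"])
        except ValueError:
            src = None  # unparsable address: report it rather than silently trust it
        if src is not None and src in trusted_net:
            continue  # expected administrator traffic
        hits.append((rec["ip"], rec["method"], rec["status"]))
    return hits


# Constructed sample log lines for the example (not real traffic)
SAMPLE_LOG = """\
192.168.1.10 - - [10/Jan/2025:09:00:01 +0000] "POST /admin?do=admin:user:editPost HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Jan/2025:09:00:05 +0000] "POST /admin?do=admin:user:editPost HTTP/1.1" 200 512 "-" "python-requests/2.31"
203.0.113.7 - - [10/Jan/2025:09:00:06 +0000] "POST /admin?do=admin%3Auser%3AeditPost HTTP/1.1" 403 199 "-" "python-requests/2.31"
198.51.100.2 - - [10/Jan/2025:09:00:09 +0000] "GET /admin?do=admin:user:list HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
not a log line
"""

if __name__ == "__main__":
    for ip, method, status in find_suspicious(SAMPLE_LOG.splitlines()):
        print(f"ALERT {ip} {method} do={VULN_ACTION} status={status}")
```

A 200 from an untrusted address is the line to act on; a 403 shows the endpoint block is working but still records who is probing it, which is why the scanner reports both rather than filtering on status.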

🔗 References
