CVE-2024-22568

8.8 HIGH

📋 TL;DR

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the score deletion endpoint (/system/score/del). This allows attackers to trick authenticated users into performing unintended actions, potentially deleting score data. All users running FlyCms v1.0 with the vulnerable endpoint accessible are affected.

💻 Affected Systems

Products:
  • FlyCms
Versions: v1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with the /system/score/del endpoint accessible and requiring authentication.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could delete all score data, causing data loss and disrupting application functionality for all users.

🟠

Likely Case

Targeted deletion of specific score entries, potentially affecting user reputation systems or scoring mechanisms.

🟢

If Mitigated

With proper CSRF protections, no unauthorized actions can be performed through forged requests.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well-understood and easy to implement; exploitation requires the victim to be authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None provided

Restart Required: No

Instructions:

No official patch available. Implement CSRF protection tokens on all state-changing endpoints.

🔧 Temporary Workarounds

Implement CSRF Protection

  • Add CSRF tokens to all POST requests and validate them server-side
  • Modify the /system/score/del endpoint to require and validate CSRF tokens
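The synchronizer-token pattern the workaround describes, as an added example (not FlyCms code): a per-session random token is embedded in the form and compared server-side in constant time, with an Origin/Referer check as defence in depth. The session store, request shape, `SITE_ORIGIN` and the `delete_score` handler are constructed stand-ins for a route such as /system/score/del.

```python
"""Synchronizer-token CSRF protection for a state-changing POST handler.

Added example, not FlyCms code. The session dict, the request dict and the
SITE_ORIGIN value are constructed for illustration.
"""
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "https://cms.example.test"  # assumed deployment origin


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) a random per-session token to embed in the HTML form."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def _same_origin(headers: dict) -> bool:
    """Defence in depth: the Origin (or, failing that, Referer) must be our site."""
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def csrf_valid(session: dict, request: dict) -> bool:
    """True only if the submitted token matches the session and the origin is ours."""
    expected = session.get("csrf_token")
    submitted = request.get("form", {}).get("csrf_token")
    if not expected or not submitted:
        return False
    # Constant-time comparison so the token cannot be recovered byte by byte.
    if not hmac.compare_digest(expected, submitted):
        return False
    return _same_origin(request.get("headers", {}))


def delete_score(session: dict, request: dict, scores: list) -> tuple:
    """Hypothetical score-deletion handler: refuses any request that fails the CSRF check.

    Returns (http_status, remaining_scores) so the outcome can be inspected.
    """
    if not csrf_valid(session, request):
        return 403, scores
    score_id = request["form"].get("id")
    return 200, [s for s in scores if s["id"] != score_id]


if __name__ == "__main__":
    session = {}
    token = issue_csrf_token(session)
    scores = [{"id": "1"}, {"id": "2"}]
    legit = {"form": {"csrf_token": token, "id": "1"},
             "headers": {"Origin": SITE_ORIGIN}}
    forged = {"form": {"id": "1"},
              "headers": {"Referer": "https://other.example/"}}
    print(delete_score(session, legit, scores))   # (200, [{'id': '2'}])
    print(delete_score(session, forged, scores))  # (403, original list)
```

A cross-site form post cannot read the victim's session token, so the token check alone defeats the forgery; the origin check catches misconfigurations where a token leaks into a URL or log. Reject, rather than skip, when both Origin and Referer are absent, since browsers send Origin on every cross-origin POST.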

Disable Endpoint

  • Temporarily disable the vulnerable endpoint until a proper fix is implemented
  • Comment out or remove the route for /system/score/del in the routing configuration

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block CSRF attempts
  • Restrict access to /system/score/del endpoint to specific IP ranges or users

🔍 How to Verify

Check if Vulnerable:

Test if /system/score/del endpoint accepts POST requests without CSRF token validation

Check Version:

Check FlyCms version in admin panel or configuration files

Verify Fix Applied:

Verify that CSRF tokens are required and validated for /system/score/del endpoint

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /system/score/del from same IP with different session IDs
  • Score deletion events without corresponding user actions in audit logs

Network Indicators:

  • HTTP POST requests to /system/score/del without Referer header or with suspicious origins

SIEM Query:

source="web_logs" AND uri="/system/score/del" AND method="POST" AND (NOT csrf_token=*)
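The two log indicators above (a missing or foreign Referer on POSTs to the endpoint, and many distinct session IDs from one client address) as detection logic, added here as an example rather than taken from the advisory. The access-log format, `SITE_HOST` and the threshold are constructed assumptions; adjust the regex to the real server's log layout.

```python
"""Flag CSRF-style activity against /system/score/del in web access logs.

Added example, not part of the advisory. The log line format, SITE_HOST and
SESSIONS_PER_IP_THRESHOLD are constructed assumptions.
"""
import re
from collections import defaultdict
from urllib.parse import urlsplit

TARGET = "/system/score/del"
SITE_HOST = "cms.example.test"   # assumed deployment host
SESSIONS_PER_IP_THRESHOLD = 3    # assumed tuning value

# Constructed sample log (assumed format): client_ip session_id "METHOD URI" status "referer"
SAMPLE_LOG = """\
198.51.100.7 sess-a1 "POST /system/score/del" 200 "https://cms.example.test/system/score/list"
198.51.100.7 sess-b2 "POST /system/score/del" 200 "-"
198.51.100.7 sess-c3 "POST /system/score/del" 200 "https://forum.example.net/thread/42"
203.0.113.5 sess-d4 "POST /system/score/del" 200 "https://cms.example.test/system/score/list"
203.0.113.5 sess-d4 "GET /system/score/list" 200 "-"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) (?P<sid>\S+) "(?P<method>[A-Z]+) (?P<uri>\S+)" '
    r'(?P<status>\d{3}) "(?P<ref>[^"]*)"$'
)


def parse(log_text: str) -> list:
    """Parse lines matching the assumed format; silently skip anything else."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def suspicious_referer(ref: str) -> bool:
    """True when the Referer is absent ('-') or points at a host other than ours."""
    if ref in ("", "-"):
        return True
    return urlsplit(ref).hostname != SITE_HOST


def analyse(log_text: str) -> list:
    """Return findings as tuples: (indicator, client_ip, detail)."""
    posts = [e for e in parse(log_text)
             if e["method"] == "POST" and e["uri"] == TARGET]
    findings = []
    # Indicator 1: state-changing POST with no Referer or a foreign one.
    for e in posts:
        if suspicious_referer(e["ref"]):
            findings.append(("foreign_or_missing_referer", e["ip"], e["sid"]))
    # Indicator 2: one client address driving many different sessions to the endpoint.
    sessions_by_ip = defaultdict(set)
    for e in posts:
        sessions_by_ip[e["ip"]].add(e["sid"])
    for ip, sids in sessions_by_ip.items():
        if len(sids) >= SESSIONS_PER_IP_THRESHOLD:
            findings.append(("many_sessions_one_ip", ip, len(sids)))
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

A missing Referer on its own is noisy (privacy extensions and Referrer-Policy strip it), so treat the first indicator as a low-severity signal and let the session-fan-out indicator raise the priority; the SIEM query above can be extended the same way once the CSRF token field is logged.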

🔗 References
