CVE-2024-22592

8.8 HIGH

📋 TL;DR

FlyCms v1.0 contains a CSRF vulnerability in the user group update endpoint that allows attackers to trick authenticated administrators into performing unauthorized group modifications. This affects all FlyCms v1.0 installations with administrative interfaces accessible to users. Attackers can exploit this by luring administrators to malicious web pages.

💻 Affected Systems

Products:
  • FlyCms
Versions: v1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations of FlyCms v1.0 are vulnerable. The vulnerability requires an authenticated administrator session to exploit.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could modify user group permissions to grant themselves administrative privileges, delete user groups, or disrupt system access controls, leading to complete system compromise.

🟠 Likely Case

Attackers modify user group settings to gain elevated privileges or disrupt normal user access, potentially leading to data exposure or unauthorized content modifications.

🟢 If Mitigated

With proper CSRF protections and administrative awareness, exploitation attempts would fail, maintaining normal system operations.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking an authenticated administrator into visiting a malicious page. The vulnerability is well-documented in public repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch available. Consider implementing CSRF tokens manually or upgrading to a newer version if available.

🔧 Temporary Workarounds

Implement CSRF Protection (applies to: all)

Add CSRF tokens to the /system/user/group_update endpoint and validate them on the server side.

Restrict Administrative Access (applies to: all)

Limit administrative interface access to specific IP addresses or networks using firewall rules.

🧯 If You Can't Patch

  • Implement network segmentation to isolate administrative interfaces from general user access
  • Require multi-factor authentication for administrative actions and educate administrators about CSRF risks

🔍 How to Verify

Check if Vulnerable:

Check if FlyCms version is 1.0 and if the /system/user/group_update endpoint lacks CSRF token validation.

Check Version:

Check FlyCms configuration files or admin panel for version information.

Verify Fix Applied:

Verify that CSRF tokens are required and validated for the /system/user/group_update endpoint.

📡 Detection & Monitoring

Log Indicators:

  • Multiple unauthorized group_update requests from the same administrator session
  • Group permission changes without corresponding admin login events

Network Indicators:

  • HTTP POST requests to /system/user/group_update without Referer headers or CSRF tokens
  • Administrative actions originating from unexpected sources

SIEM Query:

source="web_logs" AND uri="/system/user/group_update" AND NOT csrf_token=*
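The network indicators and SIEM query above, turned into runnable detection logic as an added example that is not part of this advisory: it scans combined-format access-log lines for POSTs to /system/user/group_update whose Referer is missing or points at a host other than the CMS's own. The log lines, the hostname cms.example.internal and the log format are constructed assumptions; CSRF tokens travel in the POST body, which an access log normally does not record, so the check keys on the Referer host instead of the csrf_token field the SIEM query assumes.

```python
import re
from urllib.parse import urlsplit

# Constructed sample access-log lines (combined log format) for illustration;
# these are not real FlyCms logs. Second line is a cross-site POST, third has no Referer.
SAMPLE_LOG = """\
10.0.0.5 - admin [01/Jan/2024:10:00:00 +0000] "POST /system/user/group_update HTTP/1.1" 200 512 "https://cms.example.internal/system/user/group_list" "Mozilla/5.0"
10.0.0.5 - admin [01/Jan/2024:10:05:12 +0000] "POST /system/user/group_update HTTP/1.1" 200 512 "https://evil.example.net/lure.html" "Mozilla/5.0"
10.0.0.5 - admin [01/Jan/2024:10:06:01 +0000] "POST /system/user/group_update HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [01/Jan/2024:10:07:30 +0000] "GET /system/user/group_update HTTP/1.1" 405 0 "-" "curl/8.0"
"""

# ip ident user [time] "method path proto" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$')

TARGET_PATH = "/system/user/group_update"  # endpoint named in the advisory
TRUSTED_HOST = "cms.example.internal"       # assumed hostname of the FlyCms admin UI


def suspicious_group_updates(log_text: str, trusted_host: str = TRUSTED_HOST):
    """Return (time, user, ip, reason) for POSTs to the group_update endpoint whose
    Referer is absent or from a foreign origin: the shape a CSRF-driven request
    leaves in the access log. Same-host Referers are treated as normal admin use."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or m["path"].split("?")[0] != TARGET_PATH:
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            reason = "missing Referer"
        else:
            host = urlsplit(referer).hostname or ""
            if host.lower() == trusted_host.lower():
                continue  # same-site navigation, not flagged
            reason = f"foreign Referer host {host}"
        hits.append((m["time"], m["user"], m["ip"], reason))
    return hits


if __name__ == "__main__":
    for hit in suspicious_group_updates(SAMPLE_LOG):
        print(*hit, sep=" | ")
```

A missing Referer is a triage lead rather than proof, since strict referrer policies and some privacy settings strip the header on legitimate same-site requests; correlate hits with the admin's preceding page views before escalating.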
