CVE-2024-22699

8.8 HIGH

📋 TL;DR

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the group update functionality (/system/admin/update_group_save). An attacker who lures a logged-in administrator to a malicious page can make the administrator's browser submit a group modification without the administrator's knowledge or consent. Every FlyCms v1.0 installation is affected; the admin interface does not need to be reachable by the attacker, only by the administrator's browser.

💻 Affected Systems

Products:
  • FlyCms
Versions: v1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires a victim who holds an active, authenticated admin session and who visits attacker-controlled content. The attacker needs no credentials of their own.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could modify user groups and permissions, potentially gaining administrative access or escalating privileges to compromise the entire CMS installation.

🟠

Likely Case

Unauthorized modification of user groups leading to privilege escalation or unauthorized access to restricted content.

🟢

If Mitigated

Limited impact if the session cookie carries SameSite=Lax or Strict, admin sessions are short-lived, and the admin interface is reachable only from trusted networks. The missing server-side token check remains until the endpoint itself is fixed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF is well understood and trivial to weaponize: a hidden, auto-submitting HTML form on any page is enough. The attacker must get an administrator who is currently logged in to load attacker-controlled content, for example via a link in an e-mail or a page that embeds the form.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch is available. Until one is released, validate a per-session CSRF token on the /system/admin/update_group_save endpoint (reject any POST whose token is missing or does not match the session), or upgrade to a patched version if one becomes available.

🔧 Temporary Workarounds

Implement CSRF Protection (platform: all)

Add a CSRF token to the group update form and validate it server-side: modify the /system/admin/update_group_save handler to reject any POST whose token is missing or does not match the token stored in the administrator's session. Checking the Origin/Referer header against the site's own origin is a useful second layer but not a substitute for the token.

Restrict Admin Access (platform: all)

Limit administrative interface access to trusted networks only: configure firewall or reverse-proxy rules to restrict access to /system/admin/* paths. Note that this does not stop CSRF on its own, because the forged request is sent by the administrator's own browser from inside the trusted network; it only narrows who can be targeted.
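The following is an editor-added example, not FlyCms source, showing the synchronizer-token fix described under Official Fix and Implement CSRF Protection. The session class, the in-memory group table, the handler names and the site origin are hypothetical stand-ins for the application's session store and its update_group_save controller; the vulnerable handler reproduces the pattern the advisory describes (admin session is the only check), and the hardened one adds a per-session token checked in constant time plus an Origin/Referer check.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Editor-added example of the synchronizer-token fix; it is not FlyCms code.
# Session, GROUPS and the handler functions are hypothetical stand-ins for the
# application's session store and the update_group_save controller.
SITE_ORIGIN = "https://cms.example.test"   # assumed origin of the FlyCms instance
GROUPS = {}                                # constructed in-memory group table


class Session:
    """Stand-in for a server-side session record."""

    def __init__(self, user, is_admin):
        self.user = user
        self.is_admin = is_admin
        self.csrf_token = None


def issue_csrf_token(session):
    """One unguessable token per session; rendered into the group form as a hidden field."""
    if session.csrf_token is None:
        session.csrf_token = secrets.token_urlsafe(32)
    return session.csrf_token


def vulnerable_update_group_save(session, form):
    """The pattern the CVE describes: the browser-attached admin session is the only
    check, so a forged cross-site POST issued by the admin's browser is accepted."""
    if not session.is_admin:
        return 403
    GROUPS[form["group_id"]] = {"name": form["name"], "perms": form["perms"]}
    return 200


def same_origin(headers):
    """Defense in depth: accept only requests whose Origin (or, failing that, Referer) is ours."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        parts = urlsplit(referer)
        origin = f"{parts.scheme}://{parts.netloc}"
    return origin == SITE_ORIGIN


def hardened_update_group_save(session, form, headers):
    """Same handler with a validated synchronizer token plus an Origin/Referer check."""
    if not session.is_admin:
        return 403
    if not same_origin(headers):
        return 403
    expected = session.csrf_token or ""
    submitted = form.get("_csrf", "")
    # Constant-time compare. An attacker's page cannot read the token out of the
    # admin's session, so it cannot supply a matching value.
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return 403
    GROUPS[form["group_id"]] = {"name": form["name"], "perms": form["perms"]}
    return 200


def replay_forged_request():
    """Send the same forged form to both handlers; returns the three status codes."""
    GROUPS.clear()
    admin = Session("admin", is_admin=True)
    issue_csrf_token(admin)
    # Constructed forged submission: what an attacker's page makes the admin's browser send.
    forged_form = {"group_id": "1", "name": "editors", "perms": "admin"}
    forged_headers = {"Origin": "https://attacker.example"}
    vulnerable = vulnerable_update_group_save(admin, forged_form)
    hardened = hardened_update_group_save(admin, forged_form, forged_headers)
    # The real form: token taken from the rendered page plus a same-origin header.
    legit_form = dict(forged_form, _csrf=admin.csrf_token)
    hardened_legit = hardened_update_group_save(admin, legit_form, {"Origin": SITE_ORIGIN})
    return vulnerable, hardened, hardened_legit


if __name__ == "__main__":
    print(replay_forged_request())  # (200, 403, 200)
```

The forged request succeeds against the vulnerable handler and fails against the hardened one, while the legitimate submission still succeeds. The Origin/Referer check alone is not sufficient because both headers can be absent (non-browser clients, strict referrer policies), which is why the token is the primary control.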

🧯 If You Can't Patch

  • Implement network segmentation to isolate the CMS admin interface from untrusted networks (reduces who can be targeted, but does not block a forged request sent by an administrator's own browser)
  • Set the session cookie's SameSite attribute to Lax or Strict at the reverse proxy so browsers do not attach it to cross-site POSTs
  • Require re-authentication for sensitive administrative actions such as group modifications
  • Instruct administrators to log out of the CMS before browsing other sites

🔍 How to Verify

Check if Vulnerable:

Log in as an administrator and capture a legitimate POST to /system/admin/update_group_save. Replay it with any token-like parameter removed and with the Origin and Referer headers pointing at a different host. If the group change is still applied, the installation is vulnerable.

Check Version:

Check FlyCms version in admin panel or configuration files

Verify Fix Applied:

Verify that CSRF tokens are required and validated for all POST requests to the vulnerable endpoint

📡 Detection & Monitoring

Log Indicators:

  • Group modifications that no administrator recalls making (compare the group table against the last known-good state)
  • POST requests to /system/admin/update_group_save whose Referer or Origin header names a host other than the CMS, or that carry neither header

Network Indicators:

  • An administrator's browser fetching external content immediately before a POST to the vulnerable endpoint
  • Phishing links delivered to administrators that lead to pages embedding forms aimed at /system/admin/*

SIEM Query:

uri_path="/system/admin/update_group_save" AND http_method="POST" AND NOT (origin_host=cms_host OR (origin_host IS NULL AND referer_host=cms_host))

A source-IP filter is the wrong key for CSRF: the forged request is sent by the administrator's own browser, so it arrives from a trusted address. Key on the Origin and Referer headers instead, which requires the web server or proxy to log them.
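An editor-added detection example (not vendor tooling) that runs the Origin/Referer logic above over constructed access-log lines. It assumes a custom log format in which Referer and Origin are the last two quoted fields (the standard "combined" format has no Origin field) and an assumed CMS hostname; the four log lines are constructed, all from the same trusted administrator workstation address, to show that a source-IP rule misses the forged requests while the header check catches them.

```python
import re
from urllib.parse import urlsplit

# Editor-added detection example, not from FlyCms or any vendor tooling.
# Assumes the web server logs Referer and Origin as the last two quoted fields
# (a custom LogFormat; the standard "combined" format has no Origin field).
SITE_HOST = "cms.example.test"                 # assumed hostname of the FlyCms instance
TARGET_PATH = "/system/admin/update_group_save"

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \d+ '
    r'"(?P<referer>[^"]*)" "(?P<origin>[^"]*)"$'
)

# Constructed sample: every request comes from the admin's own workstation (10.0.0.5),
# so a source-IP rule would flag none of them. Lines 2 and 3 are the forged ones.
SAMPLE_LOG = """\
10.0.0.5 - admin [12/Mar/2024:10:01:02 +0000] "POST /system/admin/update_group_save HTTP/1.1" 200 512 "https://cms.example.test/system/admin/update_group?id=1" "https://cms.example.test"
10.0.0.5 - admin [12/Mar/2024:10:07:44 +0000] "POST /system/admin/update_group_save HTTP/1.1" 200 512 "https://attacker.example/win.html" "https://attacker.example"
10.0.0.5 - admin [12/Mar/2024:10:08:10 +0000] "POST /system/admin/update_group_save HTTP/1.1" 200 512 "-" "-"
10.0.0.5 - admin [12/Mar/2024:10:09:00 +0000] "GET /system/admin/update_group?id=1 HTTP/1.1" 200 2048 "https://cms.example.test/system/admin/" "-"
"""


def _host(value):
    """Hostname of a logged URL or origin, or None when the field is empty ("-")."""
    if not value or value == "-":
        return None
    return urlsplit(value).hostname


def classify(rec):
    """Reason string for a suspicious group-update POST, or None if it looks legitimate."""
    if rec["method"] != "POST" or rec["path"].split("?", 1)[0] != TARGET_PATH:
        return None
    origin_host = _host(rec["origin"])
    if origin_host is not None:
        return None if origin_host == SITE_HOST else "cross-site-origin"
    referer_host = _host(rec["referer"])
    if referer_host is not None:
        return None if referer_host == SITE_HOST else "cross-site-referer"
    # Browsers send Origin on cross-origin POSTs; both headers missing means a
    # non-browser client or a stripping proxy, so this is a lower-confidence hit.
    return "missing-origin-and-referer"


def find_suspicious(log_text):
    """Parse the log and return one record per POST that fails the origin check."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        reason = classify(rec)
        if reason:
            hits.append({"ts": rec["ts"], "ip": rec["ip"], "user": rec["user"],
                         "reason": reason, "referer": rec["referer"], "origin": rec["origin"]})
    return hits


if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(hit["ts"], hit["ip"], hit["reason"], hit["referer"])
```

Treat the cross-site hits as high confidence and the missing-header hit as a lead to correlate with the administrator's activity; legitimate automation that calls the endpoint without browser headers would land in the same bucket.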
