CVE-2024-22817

8.8 HIGH

📋 TL;DR

FlyCms v1.0 contains a CSRF vulnerability in the email configuration update endpoint (/system/email/email_conf_updagte): the endpoint accepts a state-changing POST without validating an anti-CSRF token, so an attacker who lures a logged-in administrator to a malicious web page can have the administrator's browser submit a forged request that rewrites the email settings. All FlyCms v1.0 installations on which the endpoint is reachable from the administrator's browser are affected; the attacker needs no FlyCms account of their own.

💻 Affected Systems

Products:
  • FlyCms
Versions: v1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All FlyCms v1.0 installations on which the /system/email/email_conf_updagte endpoint is reachable are vulnerable. Exploitation needs a victim with an active administrator session who visits an attacker-controlled page; the attacker does not need credentials.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers reconfigure the outbound email settings so that password reset and notification mail is delivered to, or relayed through, an attacker-controlled server, then use the intercepted reset links to take over administrator accounts and the CMS instance.

🟠 Likely Case

Attackers modify the email configuration to redirect system emails to attacker-controlled addresses, enabling credential theft and unauthorized access.

🟢 If Mitigated

With a per-session CSRF token validated on the endpoint (or the session cookie marked SameSite so the browser withholds it from cross-site requests), a forged request is rejected and no unauthorized configuration change occurs.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF exploits are well understood and easy to weaponize: the attacker only needs to host a page (or plant HTML in any site the administrator visits) that auto-submits a form to the endpoint. The victim must be authenticated as a FlyCms administrator at the time; the attacker needs no account.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Implement CSRF protection tokens on all state-changing endpoints, particularly /system/email/email_conf_updagte.

🔧 Temporary Workarounds

Implement CSRF Protection

Applies to: all

Add a CSRF token to the email configuration update form and validate it server-side.

Modify the /system/email/email_conf_updagte handler to require a token tied to the administrator's session and reject any request whose token is missing or does not match; checking that the Origin (or Referer) header names the CMS's own origin is a cheap second line of defence.

Restrict Access

Applies to: all

Restrict who can reach the vulnerable endpoint and require a step that a cross-site request cannot satisfy.

Configure the web server to limit /system/email/email_conf_updagte to administrator IPs. Note that the forged request is issued by the administrator's own browser, so an IP allowlist only helps while the administrator is browsing from outside the allowed range; likewise HTTP Basic credentials are attached automatically by the browser and do not stop CSRF. Requiring the administrator to re-enter their password on the email configuration form (a value the attacker's page cannot know) does.

🧯 If You Can't Patch

  • Set SameSite=Strict (or at least Lax) on the FlyCms session cookie so the browser omits it from cross-site POSTs, and require password re-entry for the email configuration change; note that Lax still sends the cookie on top-level GET navigations, so it only protects an endpoint that refuses GET
  • Monitor and alert on every email configuration change (SMTP host, sender address, credentials) and reconcile each against a planned administrative action, since a CSRF-driven change is logged under the administrator's own session
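The token check described under Implement CSRF Protection, together with the SameSite cookie attribute from the first bullet above, as an added illustration that is not FlyCms code (FlyCms itself is a Java application) and not part of this advisory. The origin, cookie name, hidden field name and SMTP form field names are assumptions made for the example:

```python
# Added example: a synchronizer-token CSRF check of the kind the
# /system/email/email_conf_updagte handler lacks. Illustrative Python, not
# FlyCms code; SITE_ORIGIN, the cookie name, TOKEN_FIELD and the form field
# names used in the demo are assumptions.
import hmac
import secrets
from typing import Mapping, Optional, Tuple
from urllib.parse import urlsplit

SITE_ORIGIN = "https://cms.example.com"            # assumed deployment origin
ENDPOINT = "/system/email/email_conf_updagte"      # route named in the advisory
TOKEN_FIELD = "_csrf"                              # assumed hidden form field
SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}


def issue_token(session: dict) -> str:
    """Mint a random per-session token, keep it server-side, embed it in the form."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the session cookie. SameSite=Strict keeps the
    browser from attaching it to any cross-site request; Lax would still
    attach it to top-level GET navigations, so Strict is the safer choice
    for an admin session."""
    return f"SESSION={session_id}; Path=/; Secure; HttpOnly; SameSite=Strict"


def _same_origin(header_value: Optional[str]) -> bool:
    """True only if the header names exactly SITE_ORIGIN (scheme + host + port)."""
    if not header_value or header_value == "null":
        return False
    parts = urlsplit(header_value)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def validate_request(method: str, headers: Mapping[str, str],
                     form: Mapping[str, str], session: dict) -> Tuple[bool, str]:
    """Decide whether a request to ENDPOINT may change the email settings.

    Both checks must pass: the request must come from our own origin
    (Origin header, falling back to Referer), and it must carry the token
    stored in the administrator's session, which a page on another site
    cannot read. Returns (accepted, reason)."""
    if method.upper() in SAFE_METHODS:
        return False, "state change only accepted via POST"
    h = {k.lower(): v for k, v in headers.items()}
    origin = h.get("origin") or h.get("referer")
    if not _same_origin(origin):
        return False, f"cross-site or missing Origin/Referer: {origin!r}"
    expected = session.get("csrf_token")
    supplied = form.get(TOKEN_FIELD, "")
    # Constant-time comparison on bytes so a non-ASCII value cannot raise.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return False, "missing or mismatched CSRF token"
    return True, "ok"


if __name__ == "__main__":
    admin_session: dict = {}
    token = issue_token(admin_session)
    print(session_cookie_header("s3ss10n"))
    # Forged request from the attacker's lure page: the browser attaches the
    # admin's cookie (absent SameSite) but the page cannot supply the token.
    # "smtp_host" is an assumed field name, not FlyCms's.
    forged = validate_request("POST", {"Origin": "https://attacker.example"},
                              {"smtp_host": "mail.attacker.example"}, admin_session)
    # Legitimate submission from the CMS's own settings page.
    genuine = validate_request("POST", {"Origin": SITE_ORIGIN},
                               {"smtp_host": "smtp.example.com", TOKEN_FIELD: token},
                               admin_session)
    print("forged :", forged)
    print("genuine:", genuine)
```

The origin check alone would be bypassed by a client that strips both headers (some privacy proxies do), and the token alone still depends on the form never being reflected cross-origin; running both, and marking the cookie SameSite, gives three independent reasons for the forged request to fail.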

🔍 How to Verify

Check if Vulnerable:

While logged in as an administrator, submit the email configuration form's POST to /system/email/email_conf_updagte from a page on a different origin and with no anti-CSRF token (use a harmless test value so you do not break outbound mail); if the settings change, the instance is vulnerable.

Check Version:

Check FlyCms version in admin panel or configuration files

Verify Fix Applied:

Confirm that a POST to /system/email/email_conf_updagte without a valid CSRF token, and one carrying a foreign Origin header, are both rejected and leave the settings unchanged.

📡 Detection & Monitoring

Log Indicators:

  • Email configuration changes not matched to a planned administrative action
  • Failed CSRF token validations on the endpoint (only visible once token validation has been added; unpatched v1.0 logs none)
  • POST requests to /system/email/email_conf_updagte that the administrator did not knowingly initiate

Network Indicators:

  • POST requests to /system/email/email_conf_updagte whose Origin or Referer header is missing or names a site other than the CMS; the forged request comes from the administrator's own browser, so the source IP is the administrator's and is not a useful indicator

SIEM Query:

source="web_server" AND (uri="/system/email/email_conf_updagte" AND method="POST") AND NOT csrf_token_valid="true"

The csrf_token_valid field is illustrative: web server access logs carry no such field, and it only exists if the application logs its own token checks (an unpatched FlyCms v1.0 performs none). Until the fix is in place, filter on the Origin/Referer header instead, e.g. NOT http_origin="https://<cms-host>", after adding the Origin header (nginx: $http_origin) to the access log format.
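The Network Indicator and SIEM query above, run over access-log lines, as an added example that is not part of this advisory or of FlyCms. The log lines are constructed for the example and follow an assumed nginx-style format that appends the Origin header after the user agent (a stock "combined" format carries Referer but not Origin); SITE_ORIGIN is an assumed deployment origin:

```python
# Added example: hunting for forged POSTs to the vulnerable endpoint in web
# server access logs. Illustrative code, not part of the advisory or FlyCms.
# SAMPLE_LOG is constructed; its format is "combined" plus a trailing
# quoted $http_origin field, which is an assumption about the log config.
import re
from typing import Dict, List

SITE_ORIGIN = "https://cms.example.com"          # assumed CMS origin
ENDPOINT = "/system/email/email_conf_updagte"    # route named in the advisory

SAMPLE_LOG = """\
203.0.113.5 - admin [15/Jan/2024:10:12:01 +0000] "POST /system/email/email_conf_updagte HTTP/1.1" 302 0 "https://cms.example.com/system/email/email_conf" "Mozilla/5.0" "https://cms.example.com"
203.0.113.5 - admin [15/Jan/2024:10:13:44 +0000] "POST /system/email/email_conf_updagte HTTP/1.1" 302 0 "https://attacker.example/lure.html" "Mozilla/5.0" "https://attacker.example"
203.0.113.5 - admin [15/Jan/2024:10:14:02 +0000] "POST /system/email/email_conf_updagte HTTP/1.1" 302 0 "-" "Mozilla/5.0" "-"
198.51.100.9 - - [15/Jan/2024:10:15:00 +0000] "GET /system/email/email_conf HTTP/1.1" 200 5120 "https://cms.example.com/" "Mozilla/5.0" "-"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)" "(?P<origin>[^"]*)"$'
)


def _origin_of(url: str) -> str:
    """scheme://host[:port] of a URL, or "" for '-', empty or 'null'."""
    m = re.match(r'^(https?://[^/]+)', url)
    return m.group(1) if m else ""


def classify(line: str) -> Dict[str, str]:
    """Parse one access-log line and label it:
       ok              same-origin POST to the endpoint
       cross-site      Origin/Referer names another site: CSRF until proven otherwise
       missing-origin  neither header present; browsers send Origin on POST,
                       so treat as suspicious and review
       ignore          not a POST to the endpoint
       unparsed        line did not match the expected format"""
    m = LOG_RE.match(line)
    if not m:
        return {"label": "unparsed", "line": line}
    rec = m.groupdict()
    if rec["method"] != "POST" or rec["path"].split("?")[0] != ENDPOINT:
        return {"label": "ignore", **rec}
    src = _origin_of(rec["origin"]) or _origin_of(rec["referer"])
    if not src:
        label = "missing-origin"
    elif src != SITE_ORIGIN:
        label = "cross-site"
    else:
        label = "ok"
    # A 2xx/3xx status on a flagged line means the unpatched endpoint applied
    # the forged change. The source IP is the administrator's own and is not
    # an indicator by itself.
    return {"label": label, **rec}


def find_suspicious(log_text: str) -> List[Dict[str, str]]:
    """Return the records that warrant an alert, in log order."""
    return [r for r in (classify(ln) for ln in log_text.splitlines() if ln.strip())
            if r["label"] in ("cross-site", "missing-origin")]


if __name__ == "__main__":
    for rec in find_suspicious(SAMPLE_LOG):
        print(f'{rec["ts"]} {rec["user"]} {rec["label"]:14} '
              f'origin={rec["origin"]} referer={rec["referer"]} status={rec["status"]}')
```

On the sample data the second and third lines are flagged (cross-site and missing-origin respectively); the first is a normal same-origin save and the GET is ignored. Treat a missing-origin hit as a review item rather than a confirmed attack, since some proxies strip both headers.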
