CVE-2024-27694

7.4 HIGH

📋 TL;DR

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability in the /system/share/ztree_category_edit endpoint. This allows attackers to trick authenticated users into performing unauthorized actions by visiting a malicious webpage. All users running FlyCms v1.0 with the vulnerable endpoint accessible are affected.

💻 Affected Systems

Products:
  • FlyCms
Versions: v1.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user session and access to the vulnerable endpoint.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could modify category structures, delete content, or perform administrative actions leading to data loss or site defacement.

🟠 Likely Case

Unauthorized modifications to category trees, potentially disrupting site navigation and content organization.

🟢 If Mitigated

Limited impact with proper CSRF protections and user awareness training.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well-understood and easy to implement with basic web development knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None provided in references

Restart Required: No

Instructions:

No official patch available. Consider implementing CSRF tokens or upgrading if newer versions exist.

🔧 Temporary Workarounds

Implement CSRF Protection


Add CSRF tokens to forms and validate them server-side for the affected endpoint.

Modify /system/share/ztree_category_edit to include and validate CSRF tokens
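A minimal server-side form of this workaround, added here as an illustration and not taken from FlyCms. Only the endpoint path comes from the advisory; SITE_ORIGIN, the session dict and the function names are assumptions for the example.

```python
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import urlsplit

# Endpoint path from the advisory; the deployment origin is a constructed example value.
PROTECTED_PATH = "/system/share/ztree_category_edit"
SITE_ORIGIN = "https://cms.example"

STATE_CHANGING = ("POST", "PUT", "PATCH", "DELETE")


def issue_csrf_token(session: Dict[str, str]) -> str:
    """Create (or reuse) one random token per session; embed it as a hidden form field."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def _same_origin(header_value: str) -> bool:
    # Compare scheme://host exactly so "https://cms.example.evil" does not pass.
    parts = urlsplit(header_value)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def csrf_check(session: Dict[str, str], method: str, path: str,
               headers: Dict[str, str], form: Dict[str, str]) -> Optional[str]:
    """Return None if the request may proceed, else the reason it was rejected.

    Two independent checks guard the state-changing endpoint:
    1. Origin (or Referer) must match the site. Browsers attach Origin to
       cross-site POSTs, so a form auto-submitted from another site fails here.
    2. The submitted token must equal the session token, compared in constant
       time so a wrong guess leaks nothing about the right value.
    """
    if method.upper() not in STATE_CHANGING or path != PROTECTED_PATH:
        return None  # reads and other paths are not affected by this check
    source = headers.get("Origin") or headers.get("Referer")
    if not source or not _same_origin(source):
        return "cross-origin request rejected"
    expected = session.get("csrf_token")
    submitted = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, submitted):
        return "missing or invalid csrf token"
    return None
```

Rejected requests are the ones to log, since they are exactly the "POST without token" events the detection section looks for.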

Restrict Access


Limit access to the vulnerable endpoint using IP whitelisting or authentication enhancements.

Configure web server (e.g., Apache .htaccess or Nginx location block) to restrict /system/share/ztree_category_edit

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF attempts
  • Educate users about CSRF risks and safe browsing practices

🔍 How to Verify

Check if Vulnerable:

Check if FlyCms v1.0 is installed and if /system/share/ztree_category_edit endpoint exists without CSRF protection.

Check Version:

Check FlyCms configuration files or admin panel for version information.

Verify Fix Applied:

Test the endpoint with a CSRF attack simulation tool to confirm tokens are required and validated.

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /system/share/ztree_category_edit from different referrers
  • Unauthorized category modifications in audit logs

Network Indicators:

  • HTTP requests to vulnerable endpoint without CSRF tokens
  • Suspicious referrer headers in requests

SIEM Query:

source="web_server" AND (url="/system/share/ztree_category_edit" AND method="POST") AND NOT csrf_token=*
