CVE-2024-28431

Severity: 8.8 HIGH

📋 TL;DR

DedeCMS v5.7 contains a CSRF vulnerability in the catalog_del.php component that allows attackers to trick an authenticated administrator into performing unauthorized catalog deletion actions. This affects all DedeCMS v5.7 installations with default configurations; the attack works whenever an administrator is logged in to the control panel in the same browser.

💻 Affected Systems

Products:
  • DedeCMS
Versions: v5.7
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with administrative access enabled. Requires an authenticated administrator to be lured into visiting a malicious page.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete deletion of website catalog structure, causing content loss and site functionality disruption requiring restoration from backups.

🟠 Likely Case

Partial catalog deletion leading to broken navigation, missing content sections, and temporary website disruption.

🟢 If Mitigated

No impact if proper CSRF tokens are implemented or administrators use separate browser sessions for administrative tasks.

🌐 Internet-Facing: HIGH - Web applications are inherently internet-facing and administrators typically access control panels from various networks.
🏢 Internal Only: MEDIUM - Internal administrators could still be targeted through phishing or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick an authenticated administrator. CSRF attacks are well understood and easy to implement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: No

Instructions:

1. Check DedeCMS official website for security updates
2. Apply any available patches for v5.7
3. Verify CSRF protection is implemented in catalog_del.php

🔧 Temporary Workarounds

Implement CSRF Token Protection

Applies to: all

Add CSRF token validation to catalog_del.php to prevent unauthorized requests.

Modify /dede/catalog_del.php to include CSRF token generation and validation.
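One way to add the token generation and validation this workaround describes, as an added example that is not DedeCMS's own code (the session key, hidden-field name and function names are assumptions; the real admin bootstrap and templates will differ):

```php
<?php
// Added example, not DedeCMS code: CSRF token issue/verify helpers for a
// state-changing admin action such as /dede/catalog_del.php.
// Assumes the admin bootstrap has started (or can start) a PHP session.
declare(strict_types=1);

const CSRF_SESSION_KEY = '_csrf_token';   // assumed session key name
const CSRF_FIELD       = '_token';        // assumed hidden-field name

// Issue (or reuse) a per-session token the admin page embeds in its form.
function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION[CSRF_SESSION_KEY])) {
        // 32 random bytes -> 64 hex chars; a third-party page cannot read it.
        $_SESSION[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_SESSION_KEY];
}

function csrf_hidden_field(): string
{
    $t = htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="' . CSRF_FIELD . '" value="' . $t . '">';
}

// Verify a submitted request: only a POST carrying a token that matches the
// session token (compared in constant time) is accepted. A GET never deletes.
function csrf_verify(string $method, array $post, array $session): bool
{
    if (strtoupper($method) !== 'POST') {
        return false;
    }
    $expected = $session[CSRF_SESSION_KEY] ?? '';
    $given    = $post[CSRF_FIELD] ?? '';
    // is_string rejects `_token[]=...` array tricks that would break hash_equals
    if (!is_string($given) || $expected === '' || $given === '') {
        return false;
    }
    return hash_equals($expected, $given);
}

// Usage at the top of the delete handler, before any catalog row is touched:
// if (!csrf_verify($_SERVER['REQUEST_METHOD'], $_POST, $_SESSION)) {
//     http_response_code(403);
//     exit('Invalid or missing CSRF token');
// }
```

Because the token lives only in the server-side session and the page's own form, a request forged from another origin cannot supply it, which is the check the "Verify Fix Applied" step below exercises.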

Restrict Administrative Access

Applies to: all

Limit access to the DedeCMS control panel to specific IP addresses or a VPN.

Add IP restrictions to .htaccess or the web server configuration for the /dede/ directory.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF attacks
  • Require administrators to use separate browser sessions or incognito mode for administrative tasks

🔍 How to Verify

Check if Vulnerable:

Check if /dede/catalog_del.php exists and lacks CSRF token validation in the source code

Check Version:

Check DedeCMS version in /data/common.inc.php or admin interface

Verify Fix Applied:

Test that catalog deletion requests require valid CSRF tokens and fail without them

📡 Detection & Monitoring

Log Indicators:

  • Multiple catalog deletion requests from same administrator session in short timeframe
  • Catalog deletion requests without corresponding admin page views

Network Indicators:

  • HTTP POST requests to /dede/catalog_del.php with Referer headers pointing to external domains

SIEM Query:

web_access_logs WHERE uri='/dede/catalog_del.php' AND method='POST' AND referer NOT CONTAINS 'yourdomain.com'

🔗 References
