CVE-2024-30965

8.8 HIGH

📋 TL;DR

DedeCMS v5.7 contains a CSRF vulnerability in the member_scores.php component that allows attackers to trick authenticated administrators into performing unauthorized actions. This affects all DedeCMS v5.7 installations with the vulnerable component accessible. Attackers can manipulate user scores or perform other administrative functions without the victim's consent.

💻 Affected Systems

Products:
  • DedeCMS
Versions: v5.7
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All DedeCMS v5.7 installations with the member_scores.php component accessible are affected. The vulnerability requires an authenticated administrator session.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could manipulate user privilege levels, modify critical system settings, or perform administrative actions leading to complete system compromise.

🟠 Likely Case

Attackers manipulate user scores or perform limited administrative actions through tricked administrators, potentially affecting user reputation systems or limited configuration changes.

🟢 If Mitigated

With proper CSRF protections and admin awareness, exploitation attempts fail or have minimal impact due to token validation and user verification.

🌐 Internet-Facing: HIGH - Web applications with admin interfaces exposed to the internet are primary targets for CSRF attacks.
🏢 Internal Only: MEDIUM - Internal administrators could still be tricked via phishing or compromised internal systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF vulnerabilities are typically easy to exploit with basic web development knowledge. Requires the victim to be authenticated as an administrator.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Patched in commit e9d294951ab2dd85709f1d12ad4747f25d326b1b

Vendor Advisory: https://github.com/Fishkey1/cms/commit/e9d294951ab2dd85709f1d12ad4747f25d326b1b

Restart Required: No

Instructions:

1. Download the patched version from the official repository.
2. Replace the vulnerable /src/dede/member_scores.php file with the patched version.
3. Verify the CSRF token implementation is present in the patched file.

🔧 Temporary Workarounds

Implement CSRF Protection

Applies to: all

Add CSRF tokens to all form submissions and validate them server-side. Add anti-CSRF token generation and validation to member_scores.php.

Restrict Admin Access

Applies to: all

Limit admin panel access to specific IP addresses or networks. Add IP-based restrictions to .htaccess or the web server configuration for the /src/dede/ directory.

🧯 If You Can't Patch

  • Implement strict SameSite cookie policies and require re-authentication for sensitive actions
  • Deploy a WAF with CSRF protection rules and monitor for suspicious admin panel activity

🔍 How to Verify

Check if Vulnerable:

Check if /src/dede/member_scores.php exists and lacks CSRF token validation in form submissions

Check Version:

Check DedeCMS version in system configuration or admin panel

Verify Fix Applied:

Verify the patched member_scores.php file contains CSRF token validation and matches the hash from the official commit

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to member_scores.php from different referrers
  • Admin actions without corresponding login events

Network Indicators:

  • CSRF attack patterns in web traffic
  • Suspicious referrer headers in admin panel requests

SIEM Query:

source="web_logs" AND uri="/src/dede/member_scores.php" AND method="POST" AND NOT referrer CONTAINS "your-domain.com"
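The SIEM query above, expressed as a log-scanning script so the referrer logic can be checked offline. This is an added example, not part of the original advisory; the log lines, IP addresses and host names are constructed, and the trusted host name is an assumption. It differs from the substring query in two ways a defender should care about: it compares the full Referer host (so a look-alike domain does not pass) and it flags POSTs with no Referer at all separately, since privacy settings strip that header and such hits need triage rather than automatic alerting.

```python
import re
from urllib.parse import urlsplit

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/May/2024:10:00:01 +0000] "POST /src/dede/member_scores.php HTTP/1.1" 200 512 "https://cms.example.com/src/dede/member_scores.php" "Mozilla/5.0"
203.0.113.9 - - [10/May/2024:10:00:07 +0000] "POST /src/dede/member_scores.php HTTP/1.1" 200 512 "https://lure.example.net/page.html" "Mozilla/5.0"
203.0.113.9 - - [10/May/2024:10:00:09 +0000] "POST /src/dede/member_scores.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.2 - - [10/May/2024:10:00:12 +0000] "GET /src/dede/member_scores.php HTTP/1.1" 200 2048 "https://cms.example.com/src/dede/" "Mozilla/5.0"
"""

# Combined log format: ip ident user [time] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

TARGET_PATH = "/src/dede/member_scores.php"  # path named in the advisory


def flag_csrf_candidates(log_text, trusted_host):
    """Return (ip, timestamp, referer, reason) for POSTs to member_scores.php
    whose Referer is missing or points at a host other than trusted_host."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST" or urlsplit(m["path"]).path != TARGET_PATH:
            continue
        ref = m["referer"]
        if ref in ("", "-"):
            # No Referer is not proof of CSRF (browsers and proxies strip it);
            # report it under its own reason so it can be triaged separately.
            hits.append((m["ip"], m["ts"], ref, "no-referer"))
            continue
        host = (urlsplit(ref).hostname or "").lower()
        # Compare the whole host (or a subdomain of it), never a substring:
        # "cms.example.com.evil.example" must not be accepted as trusted.
        if host != trusted_host and not host.endswith("." + trusted_host):
            hits.append((m["ip"], m["ts"], ref, "foreign-referer"))
    return hits


if __name__ == "__main__":
    # "cms.example.com" stands in for the site's own host name (assumption).
    for hit in flag_csrf_candidates(SAMPLE_LOG, "cms.example.com"):
        print(hit)
```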
