CVE-2024-35012

6.3 MEDIUM

📋 TL;DR

This CSRF vulnerability in idccms v1.35 allows attackers to trick an authenticated administrator into performing unauthorized actions by luring them to a malicious web page. Attackers could add information types to the CMS without the admin's knowledge. Only administrators with access to the affected admin panel are vulnerable.

💻 Affected Systems

Products:
  • idccms
Versions: v1.35
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with admin panel accessible and admin sessions active.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could add malicious content types, modify site structure, or potentially chain with other vulnerabilities to gain full control of the CMS.

🟠 Likely Case

Attackers add unwanted information types or categories to the CMS, disrupting site organization and potentially enabling content injection.

🟢 If Mitigated

With proper CSRF protections and admin awareness, impact is limited to failed exploitation attempts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires an administrator to be logged in and to visit a malicious page; a simple HTML form is enough to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None known

Restart Required: No

Instructions:

No official patch is available. Upgrade to a newer version if one exists, or implement CSRF protections manually.

🔧 Temporary Workarounds

Add CSRF Token Protection (platform: all)

Implement CSRF tokens in the admin/infoType_deal.php form to validate legitimate requests.

Manual code modification required: add CSRF token generation and validation.
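The following is an added example of the synchronizer-token pattern for a PHP admin form like admin/infoType_deal.php; it is not idccms code. The function names, the session key, the hidden field name and the form markup are assumptions for illustration.

```php
<?php
// Added example (not idccms code): synchronizer-token CSRF protection for a
// PHP admin form. Function names, session key and form fields are assumed.

session_start();

// One token per session; only generate when absent so several open admin
// tabs keep working.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; never compare secrets with == or ===.
function csrf_valid(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && is_string($submitted)
        && hash_equals($expected, $submitted);
}

// Defence in depth: a browser-issued cross-site POST carries an Origin (or
// Referer) naming another host. Missing header fails closed.
function same_origin(): bool
{
    $source = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    if ($source === '') {
        return false;
    }
    $sourceHost = parse_url($source, PHP_URL_HOST);
    // HTTP_HOST may carry a port; compare host names only.
    $ownHost = explode(':', $_SERVER['HTTP_HOST'] ?? '')[0];
    return is_string($sourceHost) && $ownHost !== ''
        && strcasecmp($sourceHost, $ownHost) === 0;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!same_origin() || !csrf_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        error_log('CSRF check failed for ' . ($_SERVER['REQUEST_URI'] ?? '?'));
        exit('Invalid request');
    }
    // The existing infoType "add" handling would continue here.
}
?>
<!-- The token rides in a hidden field; a page on another origin cannot read it. -->
<form method="post" action="/admin/infoType_deal.php?mudi=add&amp;nohrefStr=close">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="text" name="typeName">
  <button type="submit">Add</button>
</form>
```

The origin check is a second layer, not a replacement for the token: if the site sets a Referrer-Policy of no-referrer, legitimate POSTs from older browsers that omit Origin would be rejected, so drop same_origin() in that case and rely on the token alone.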

Restrict Admin Panel Access (platform: linux)

Limit access to the admin panel to specific IP addresses or the internal network only. Example directives (adjust the network range to your own):

# Apache: Require ip 192.168.1.0/24
# Nginx: allow 192.168.1.0/24; deny all;

🧯 If You Can't Patch

  • Set SameSite=Lax or SameSite=Strict on the admin session cookie and require re-authentication for sensitive actions
  • Use browser extensions that block CSRF attempts and educate administrators about phishing risks

🔍 How to Verify

Check if Vulnerable:

Check whether the /admin/infoType_deal.php?mudi=add&nohrefStr=close endpoint accepts POST requests that carry no CSRF token while an admin session is active

Check Version:

Check CMS version in admin panel or readme files

Verify Fix Applied:

Test that POST requests to the vulnerable endpoint now require valid CSRF tokens

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /admin/infoType_deal.php from unexpected sources
  • Unusual infoType creation events in admin logs

Network Indicators:

  • HTTP requests to admin endpoints with Referer headers from external domains
  • Unusual traffic patterns to admin panel

SIEM Query:

source="web_logs" AND uri="/admin/infoType_deal.php" AND method="POST" AND NOT referer CONTAINS "your-domain.com"
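The log indicators and the SIEM query above, expressed as an added PHP script that runs over web-server log lines in the common "combined" format; this is not code from the page or from idccms. The sample log lines and the trusted host cms.example.internal are constructed for illustration.

```php
<?php
// Added example: flag POSTs to the infoType endpoint whose Referer is absent
// or from a foreign host. Trusted host and sample lines are constructed.

const TRUSTED_HOST = 'cms.example.internal';
const WATCHED_PATH = '/admin/infoType_deal.php';

// Combined format: ip - user [time] "METHOD path HTTP/x" status size "referer" "ua"
const LOG_RE = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$/';

function parse_line(string $line): ?array
{
    if (!preg_match(LOG_RE, $line, $m)) {
        return null;
    }
    $path = parse_url($m[4], PHP_URL_PATH);
    return [
        'ip'      => $m[1],
        'time'    => $m[2],
        'method'  => $m[3],
        'path'    => is_string($path) ? $path : $m[4],
        'status'  => (int) $m[5],
        'referer' => $m[6],
    ];
}

// Suspicious: POST to the endpoint with no Referer ("-") or a Referer whose
// host is not ours. A missing Referer is flagged rather than ignored, because
// the referring page's referrer policy can suppress it.
function is_suspicious(array $r): bool
{
    if ($r['method'] !== 'POST' || $r['path'] !== WATCHED_PATH) {
        return false;
    }
    if ($r['referer'] === '-' || $r['referer'] === '') {
        return true;
    }
    $host = parse_url($r['referer'], PHP_URL_HOST);
    return !is_string($host) || strcasecmp($host, TRUSTED_HOST) !== 0;
}

function scan(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        $r = parse_line($line);
        if ($r !== null && is_suspicious($r)) {
            $hits[] = $r;
        }
    }
    return $hits;
}

// Constructed sample: one legitimate admin POST, one cross-site POST, one POST
// with no Referer, and a harmless GET.
$sample = [
    '10.0.0.5 - admin [12/May/2024:10:15:02 +0000] "POST /admin/infoType_deal.php?mudi=add&nohrefStr=close HTTP/1.1" 200 512 "http://cms.example.internal/admin/infoType_deal.php?mudi=add" "Mozilla/5.0"',
    '10.0.0.5 - admin [12/May/2024:10:16:40 +0000] "POST /admin/infoType_deal.php?mudi=add&nohrefStr=close HTTP/1.1" 200 512 "http://attacker.example/page.html" "Mozilla/5.0"',
    '10.0.0.5 - admin [12/May/2024:10:17:05 +0000] "POST /admin/infoType_deal.php?mudi=add&nohrefStr=close HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.5 - admin [12/May/2024:10:18:11 +0000] "GET /admin/infoType_deal.php?mudi=add HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
];

foreach (scan($sample) as $hit) {
    printf("[%s] %s POST %s referer=%s\n", $hit['time'], $hit['ip'], $hit['path'], $hit['referer']);
}
// Two lines are reported: the attacker.example referer and the missing one.
```

Match on the path component only (the query string is stripped before comparison), otherwise variants such as a different parameter order slip past the rule; and treat a 200 response on a flagged line as the stronger signal, since a rejected request (403 once tokens are enforced) is the control working.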
