CVE-2024-35552

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in idccms v1.35 allows attackers to trick authenticated administrators into performing unauthorized actions via crafted requests. Attackers could delete logos or potentially perform other administrative functions without the admin's knowledge. Only systems running the vulnerable version with administrative interfaces exposed are affected.

💻 Affected Systems

Products:
  • idccms
Versions: v1.35
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Exploitation requires a logged-in administrator session in the CMS backend (the victim must be lured into submitting the forged request); the vulnerable handler lives in the administrative backend.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of CMS administrative functions, allowing attackers to delete content, modify configurations, or potentially escalate to full system control if combined with other vulnerabilities.

🟠 Likely Case

Unauthorized deletion of logos or other content managed through the vulnerable endpoint, causing website defacement or disruption.

🟢 If Mitigated

No impact if proper CSRF protections are implemented or if administrative interfaces are not accessible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well understood and easy to carry out. The GitHub references provided with this CVE contain a demonstration of the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Implement CSRF tokens in /admin/infoMove_deal.php and validate them on every POST request. Update to a newer version if the vendor releases one.

🔧 Temporary Workarounds

Implement CSRF Protection

Applies to: all platforms

Add CSRF tokens to forms and validate them server-side.

Edit /admin/infoMove_deal.php to include CSRF token validation.

Restrict Admin Access

Applies to: all platforms

Limit access to the administrative interface to trusted IPs only.

Add IP restrictions to .htaccess or the web server configuration for the /admin/ directory.

🧯 If You Can't Patch

  • Implement strict SameSite cookie policies and require re-authentication for sensitive actions
  • Monitor admin interface access logs for suspicious activity and implement web application firewall rules
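The following is an added example of the token-based fix described under "Official Fix" and "Temporary Workarounds", combined with the SameSite cookie policy suggested above. It is illustrative code, not idccms source: the form field name, the session key and the `delete_logo()` action are assumptions standing in for whatever the real handler does, and it assumes PHP 7.3 or later and session-based admin authentication.

```php
<?php
// Added example (not idccms code): CSRF protection for an admin POST handler
// such as /admin/infoMove_deal.php. Field, session-key and function names
// below are placeholders chosen for this illustration.

declare(strict_types=1);

// Harden the session cookie: HttpOnly, Secure and SameSite=Strict, so the
// browser does not attach the admin session to cross-site POSTs at all.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_start();

// Issue one unpredictable token per session; call when rendering admin forms.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden input to embed in every state-changing admin form.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Compare the submitted token with the session token in constant time.
function csrf_validate(?string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $submitted !== null && $expected !== ''
        && hash_equals($expected, $submitted);
}

// Defence in depth: if the browser sent Origin (or Referer), its host must be
// our own host. Admin writes with neither header are rejected.
function same_origin_request(string $expectedHost): bool
{
    $src = $_SERVER['HTTP_ORIGIN'] ?? $_SERVER['HTTP_REFERER'] ?? '';
    if ($src === '') {
        return false;
    }
    $host = parse_url($src, PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

// Before (the behaviour the advisory describes): every POST is acted on.
//   if ($_SERVER['REQUEST_METHOD'] === 'POST') { delete_logo((int) $_POST['id']); }

// After: the handler refuses POSTs that carry no valid token or come from
// another origin, and logs the rejection for the monitoring described below.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_validate($_POST['csrf_token'] ?? null)
        || !same_origin_request($_SERVER['SERVER_NAME'] ?? '')) {
        http_response_code(403);
        error_log('CSRF check failed for ' . ($_SERVER['REQUEST_URI'] ?? '?')
            . ' from ' . ($_SERVER['REMOTE_ADDR'] ?? '?'));
        exit('Forbidden: invalid or missing CSRF token');
    }
    delete_logo((int) ($_POST['id'] ?? 0)); // assumed application function
}
```

Every admin form that performs a write must embed `csrf_field()`, otherwise legitimate submissions are rejected along with forged ones. The Origin/Referer check is a second layer, not a replacement for the token: some proxies strip those headers, which is why the token is the primary control.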

🔍 How to Verify

Check if Vulnerable:

Check if /admin/infoMove_deal.php accepts POST requests without CSRF token validation. Test by creating a simple HTML form that submits to this endpoint.

Check Version:

Check the CMS version in the admin panel or look for version information in the source files.

Verify Fix Applied:

Verify that POST requests to /admin/infoMove_deal.php now require and validate CSRF tokens.

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /admin/infoMove_deal.php from different IPs in short time
  • Admin actions without corresponding admin login events

Network Indicators:

  • Cross-origin requests to admin endpoints
  • Suspicious referrer headers in admin requests

SIEM Query:

source="web_logs" AND uri="/admin/infoMove_deal.php" AND method="POST" AND NOT referer CONTAINS "admin"
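The SIEM query above keys on the Referer containing "admin". The added example below (not part of this advisory) makes the same check more precisely by comparing the Referer host to the site's own host and by flagging POSTs with no Referer at all. The log lines are constructed samples in Apache combined format, and the site host `cms.example.org` is an assumption.

```php
<?php
// Added example (not part of the advisory): flag POSTs to the vulnerable
// endpoint whose Referer is absent or belongs to another host.
// Sample log lines are constructed; the site host is an assumption.

declare(strict_types=1);

const TARGET_URI = '/admin/infoMove_deal.php';
const SITE_HOST  = 'cms.example.org';

// Combined log format:
// ip - user [time] "METHOD URI PROTO" status bytes "referer" "user-agent"
const LOG_RE = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$/';

function parse_line(string $line): ?array
{
    if (!preg_match(LOG_RE, $line, $m)) {
        return null; // not a combined-format line; skip it
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3],
            'uri' => $m[4], 'status' => (int) $m[5], 'referer' => $m[6]];
}

// A POST to the admin endpoint is suspicious when the Referer is missing ("-")
// or names a host other than our own; same-host referers are treated as normal.
function is_suspicious(array $r): bool
{
    if ($r['method'] !== 'POST' || strtok($r['uri'], '?') !== TARGET_URI) {
        return false;
    }
    if ($r['referer'] === '-' || $r['referer'] === '') {
        return true;
    }
    $host = parse_url($r['referer'], PHP_URL_HOST);
    return !is_string($host) || strcasecmp($host, SITE_HOST) !== 0;
}

function scan(array $lines): array
{
    $hits = [];
    foreach ($lines as $line) {
        $r = parse_line($line);
        if ($r !== null && is_suspicious($r)) {
            $hits[] = $r;
        }
    }
    return $hits;
}

// Constructed sample: one legitimate admin action, one cross-site POST,
// one POST without a Referer, and one GET that must be ignored.
$sample = [
    '203.0.113.10 - - [10/Jun/2024:09:12:01 +0000] "POST /admin/infoMove_deal.php HTTP/1.1" 200 512 "https://cms.example.org/admin/infoMove.php" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jun/2024:09:13:44 +0000] "POST /admin/infoMove_deal.php?del=3 HTTP/1.1" 200 512 "https://attacker.example/lure.html" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jun/2024:09:13:45 +0000] "POST /admin/infoMove_deal.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.10 - - [10/Jun/2024:09:14:02 +0000] "GET /admin/infoMove.php HTTP/1.1" 200 2048 "https://cms.example.org/admin/" "Mozilla/5.0"',
];

foreach (scan($sample) as $hit) {
    printf("ALERT %s %s POST %s referer=%s\n",
        $hit['time'], $hit['ip'], $hit['uri'], $hit['referer']);
}
```

Run against the constructed sample, the script reports the second and third lines (cross-site Referer and missing Referer) and stays silent on the legitimate same-host POST and the GET. A missing Referer is flagged rather than ignored because browsers omit it under strict referrer policies, so a referer-less POST to an admin write endpoint deserves a look either way; correlate hits with the "admin actions without a corresponding login" indicator above before acting on them.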
