CVE-2024-35558

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in idccms v1.35 allows attackers to trick authenticated administrators into performing unauthorized actions via malicious requests to the /admin/ca_deal.php endpoint. Attackers could modify system settings, delete content, or perform other administrative functions without the victim's knowledge. Only administrators with access to the vulnerable admin panel are affected.

💻 Affected Systems

Products:
  • idccms
Versions: v1.35
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator authentication and admin panel access. The vulnerability is in the default installation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the CMS installation including content deletion, configuration changes, privilege escalation, or installation of backdoors.

🟠

Likely Case

Unauthorized content modifications, configuration changes, or data manipulation by tricking administrators into clicking malicious links.

🟢

If Mitigated

Limited impact with proper CSRF protections, though some risk remains if administrators are highly targeted.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well-understood and easy to implement. The provided GitHub references contain technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement CSRF protections manually.

🔧 Temporary Workarounds

Implement CSRF Tokens

Applies to: all

  • Add CSRF token validation to the vulnerable endpoint /admin/ca_deal.php
  • Modify the PHP code to generate and validate unique tokens per session

Restrict Admin Access

Applies to: all

  • Limit admin panel access to specific IP addresses or internal networks
  • Add IP restrictions in .htaccess or the web server configuration

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block CSRF patterns
  • Educate administrators about phishing risks and implement strict browser security policies

🔍 How to Verify

Check if Vulnerable:

Check whether the /admin/ca_deal.php endpoint accepts POST requests from an authenticated administrator without validating a CSRF token

Check Version:

Check CMS version in admin panel or configuration files

Verify Fix Applied:

Test that the endpoint now requires and validates CSRF tokens for state-changing operations

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /admin/ca_deal.php from different sessions with similar parameters
  • Admin actions occurring without corresponding admin login events

Network Indicators:

  • HTTP requests to /admin/ca_deal.php with referer headers pointing to external domains

SIEM Query:

source="web_logs" AND uri="/admin/ca_deal.php" AND method="POST" AND NOT referer CONTAINS "yourdomain.com"
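The SIEM query above, as an added example that is not part of the original advisory: a small Python checker that applies the same idea to raw web server access logs. It assumes Apache "combined" log format, a trusted host name of cms.example.internal, and a constructed set of sample lines; unlike a substring match on the domain, it compares the full Referer host, so look-alike hosts are still flagged, and POSTs that carry no Referer at all are reported separately for review rather than silently passed.

```python
import re
from urllib.parse import urlparse

ENDPOINT = "/admin/ca_deal.php"
TRUSTED_HOSTS = {"cms.example.internal"}  # assumption: the host(s) that serve the CMS admin panel

# Constructed sample lines in Apache "combined" format: same-site POST, cross-site POST,
# look-alike host POST, POST with no Referer, and a GET that should be ignored.
SAMPLE_LOG = """\
10.0.0.5 - - [01/May/2024:10:00:01 +0000] "POST /admin/ca_deal.php HTTP/1.1" 200 512 "https://cms.example.internal/admin/ca_deal.php" "Mozilla/5.0"
10.0.0.5 - - [01/May/2024:10:03:17 +0000] "POST /admin/ca_deal.php HTTP/1.1" 200 512 "https://lure.example/page.html" "Mozilla/5.0"
10.0.0.5 - - [01/May/2024:10:03:40 +0000] "POST /admin/ca_deal.php HTTP/1.1" 200 512 "https://cms.example.internal.lure.example/x" "Mozilla/5.0"
10.0.0.5 - - [01/May/2024:10:04:02 +0000] "POST /admin/ca_deal.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.7 - - [01/May/2024:10:05:00 +0000] "GET /admin/ca_deal.php HTTP/1.1" 200 1024 "https://lure.example/page.html" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def classify(line):
    """Return 'same-site', 'cross-site' or 'no-referer' for a POST to the endpoint, else None."""
    m = LINE_RE.match(line)
    if not m or m["method"] != "POST" or m["path"].split("?")[0] != ENDPOINT:
        return None
    ref = m["referer"]
    if ref in ("", "-"):
        return "no-referer"  # browsers may strip Referer (referrer policy); review, don't ignore
    host = urlparse(ref).hostname or ""
    # Exact host comparison: "cms.example.internal.lure.example" must not count as trusted.
    return "same-site" if host in TRUSTED_HOSTS else "cross-site"


def suspicious_posts(log_text):
    """Return (timestamp, client ip, verdict, referer) for POSTs that are not clearly same-site."""
    hits = []
    for line in log_text.splitlines():
        verdict = classify(line)
        if verdict in ("cross-site", "no-referer"):
            m = LINE_RE.match(line)
            hits.append((m["ts"], m["ip"], verdict, m["referer"]))
    return hits


if __name__ == "__main__":
    for hit in suspicious_posts(SAMPLE_LOG):
        print(*hit)
```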

🔗 References
