CVE-2024-35560

4.3 MEDIUM

📋 TL;DR

idccms v1.35 performs deletion operations through /admin/ca_deal.php without checking that the request came from its own admin interface (no anti-CSRF token, no origin check). An attacker who gets a logged-in administrator to open attacker-controlled content can have the administrator's browser submit a crafted request to that endpoint, and the deletion runs with the administrator's privileges. Exploitation needs a victim with an active admin session, and the damage is bounded by whatever the endpoint is able to delete.

💻 Affected Systems

Products:
  • idccms
Versions: v1.35
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires an administrator with a live session. /admin/ca_deal.php must be reachable from that administrator's browser, not necessarily from the attacker's network, since the forged request is sent by the victim's browser with the victim's session cookie.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete data loss or corruption if attackers can delete critical system data, user accounts, or configuration settings through the vulnerable endpoint.

🟠

Likely Case

Partial data deletion or modification of CMS content, potentially disrupting website functionality or removing important information.

🟢

If Mitigated

No impact once state-changing requests to the endpoint are tied to a per-session anti-CSRF token (with a SameSite session cookie and an Origin/Referer check as defence in depth). Without that, safety rests on administrators never loading attacker-controlled content while logged in, which is not a reliable control.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

The attacker needs the administrator to load attacker-controlled content (a link, an HTML e-mail, an embedded frame or image) while logged in. The forged request is then issued by the victim's own browser with the victim's session cookie, so no credential theft is required.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch was found. Tie every state-changing admin request to a per-session anti-CSRF token and verify it in /admin/ca_deal.php and the other admin handlers; reject state-changing requests whose Origin header (or, when Origin is absent, Referer) is not the site's own origin; and issue the session cookie with SameSite=Lax or Strict. Do not rely on a Referer check alone: a cross-site page can suppress the header, and a check that lets empty Referers through is trivially bypassed. Deletion actions reachable through GET links should be converted to POST forms.

🔧 Temporary Workarounds

Implement CSRF Protection

Platform: all

Add CSRF tokens to all admin forms and validate them on submission

Modify PHP files to include CSRF token generation and validation
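The token-plus-origin check described in the Instructions and in this workaround, as an added example written for this page (it is not idccms code: the project's real handler, request parameters and session layout are not known here, and the function names, the `csrf_token` field and `ADMIN_ORIGIN` are assumptions):

```php
<?php
// Added example (not idccms code): synchronizer-token CSRF protection for a PHP
// admin handler such as ca_deal.php. Function names, the "csrf_token" field and
// ADMIN_ORIGIN are assumptions for this page, not identifiers from the project.

declare(strict_types=1);

const ADMIN_ORIGIN = 'https://cms.example.test'; // assumed site origin, no trailing slash

function csrf_session_start(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    // SameSite=Lax keeps the cookie off cross-site POSTs in modern browsers;
    // defence in depth beside the token, not a replacement for it (PHP >= 7.3).
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    session_start();
}

// One random token per session; regenerate the session (and the token) at login.
function csrf_token(): string
{
    csrf_session_start();
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Decision logic kept free of globals so it can be exercised from the CLI.
// Accepts only a POST whose Origin (or, failing that, Referer) is ours and whose
// csrf_token field equals the session token, compared in constant time.
function csrf_request_ok(string $method, array $headers, array $post, string $sessionToken,
                         string $allowedOrigin = ADMIN_ORIGIN): bool
{
    if ($method !== 'POST') {
        return false; // deletions must never be reachable through GET
    }
    $origin = $headers['Origin'] ?? null;
    if ($origin === null && isset($headers['Referer'])) {
        $p = parse_url($headers['Referer']);
        if (is_array($p) && isset($p['scheme'], $p['host'])) {
            $origin = $p['scheme'] . '://' . $p['host'] . (isset($p['port']) ? ':' . $p['port'] : '');
        }
    }
    if ($origin === null || strcasecmp($origin, $allowedOrigin) !== 0) {
        return false; // missing or foreign origin
    }
    $sent = $post['csrf_token'] ?? null;
    return is_string($sent) && $sessionToken !== '' && hash_equals($sessionToken, $sent);
}

// Call at the top of ca_deal.php, before any deletion code runs.
function csrf_guard(): void
{
    $headers = [];
    if (isset($_SERVER['HTTP_ORIGIN']))  { $headers['Origin']  = $_SERVER['HTTP_ORIGIN']; }
    if (isset($_SERVER['HTTP_REFERER'])) { $headers['Referer'] = $_SERVER['HTTP_REFERER']; }
    if (!csrf_request_ok($_SERVER['REQUEST_METHOD'] ?? 'GET', $headers, $_POST, csrf_token())) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
}

// Hidden field to emit inside every admin <form method="post">.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
         . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// CLI self-check of the decision logic with a fixed token (no session needed).
if (PHP_SAPI === 'cli') {
    $tok = str_repeat('ab', 32);
    var_dump(
        csrf_request_ok('POST', ['Origin' => ADMIN_ORIGIN], ['csrf_token' => $tok], $tok),          // legitimate
        csrf_request_ok('POST', ['Origin' => ADMIN_ORIGIN], [], $tok),                              // token missing
        csrf_request_ok('POST', ['Origin' => 'https://lure.example'], ['csrf_token' => $tok], $tok), // cross-site
        csrf_request_ok('GET',  ['Referer' => ADMIN_ORIGIN . '/admin/'], ['csrf_token' => $tok], $tok) // wrong method
    );
}
```

Only the first call in the self-check should be accepted. Every deletion link in the admin UI has to become a POST form containing `csrf_field()`, and the handler must call `csrf_guard()` before touching the database. The origin check is deliberately strict: a browser or proxy that strips both Origin and Referer will be refused, and if that blocks legitimate administrators the fallback is to drop to token-only validation rather than to accept empty headers. Call `session_regenerate_id(true)` and clear the stored token on login so a token cannot be fixed before authentication.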

Restrict Admin Access

Platform: all

Limit admin panel access to specific IP addresses or VPN. This shrinks the set of possible victims and blocks opportunistic scanning, but it does not stop the attack itself: a forged request from an allowed administrator's browser still arrives from an allowed address.

Add IP restrictions to .htaccess or web server configuration
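The web-server restriction just described, as an added example (not a file shipped with idccms): an Apache 2.4 `.htaccess` for the `/admin/` directory. The VPN range and office address are placeholders, and the directory must be covered by `AllowOverride AuthConfig` (or `All`) for the directives to take effect.

```apache
# Added example, placed at /admin/.htaccess. Placeholder addresses:
# 10.8.0.0/24 stands for the admin VPN range, 203.0.113.10 for an office egress IP.
<RequireAny>
    Require ip 10.8.0.0/24
    Require ip 203.0.113.10
</RequireAny>
```

Behind a reverse proxy Apache sees the proxy's address unless mod_remoteip is configured with `RemoteIPHeader` and a trusted proxy list, so verify the rule by requesting `/admin/` from a disallowed address and confirming a 403. The nginx equivalent is `allow`/`deny` inside a `location /admin/` block.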

🧯 If You Can't Patch

  • Add a WAF or web-server rule that rejects POST (and parameterised GET) requests under /admin/ whose Origin or Referer header is missing or names another host; a WAF cannot validate application tokens, so treat this as a stopgap, not a fix
  • Require re-authentication (password or a second factor) for destructive operations such as deletion, so a forged request alone cannot complete them

🔍 How to Verify

Check if Vulnerable:

While logged in as an administrator, submit a deletion request to /admin/ca_deal.php from a page on a different origin (or replay a captured deletion request with any token field removed and a foreign Origin header). If the deletion is performed, the endpoint is vulnerable. Run this against a non-production copy, since a successful check deletes data.

Check Version:

Check CMS version in admin panel or read version files

Verify Fix Applied:

Test that all admin forms include unique CSRF tokens and reject requests without valid tokens

📡 Detection & Monitoring

Log Indicators:

  • POST (or parameterised GET) requests to /admin/ca_deal.php whose Referer is absent or names another host, especially several in one admin session within a few seconds
  • Deletions recorded by the CMS with no preceding admin page load from the same session

Network Indicators:

  • Origin or Referer headers on admin requests naming a host other than the site, or absent on state-changing requests
  • Cross-origin requests to admin endpoints

SIEM Query:

source="web_logs" AND uri="/admin/ca_deal.php" AND (method="POST" OR method="DELETE") AND NOT referrer CONTAINS "your-domain.com"

Keep requests with an empty referrer in the result set: a lure page can suppress the Referer header (for example with a no-referrer policy), so an empty value is a signal, not a reason to exclude the event. Expect some noise from administrators whose browsers or privacy extensions strip the header.
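The same hunt applied to raw access logs, as an added example written for this page (not idccms code and not a vendor query): it parses combined-format lines and flags state-changing requests to the endpoint whose Referer is missing or from another host. The log lines are constructed, the site host cms.example.test is assumed, and the query-string parameters in the sample are placeholders rather than the endpoint's real parameters.

```php
<?php
// Added example (not idccms code): flag cross-site requests to /admin/ca_deal.php
// in Apache/nginx "combined"-format access logs. The log lines at the bottom are
// constructed for this page; "cms.example.test" is an assumed site host.

declare(strict_types=1);

const SITE_HOST = 'cms.example.test';
const TARGET    = '/admin/ca_deal.php';

// combined format:
// client ident user [time] "METHOD URI PROTO" status bytes "referer" "user-agent"
const COMBINED_RE = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';

function parse_combined(string $line): ?array
{
    if (!preg_match(COMBINED_RE, $line, $m)) {
        return null; // not a combined-format line
    }
    return [
        'ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'uri' => $m[4],
        'status' => (int) $m[5], 'referer' => $m[6], 'ua' => $m[7],
    ];
}

// A request is a CSRF candidate when it targets the endpoint, can change state
// (POST, or GET with parameters, since PHP handlers often act on $_GET), and the
// Referer is absent or from another host. A lure page can suppress the Referer
// (e.g. <meta name="referrer" content="no-referrer">), so "-" counts as
// suspicious rather than benign.
function is_csrf_candidate(array $r, string $siteHost = SITE_HOST): bool
{
    $path = explode('?', $r['uri'], 2)[0];
    if ($path !== TARGET) {
        return false;
    }
    $stateChanging = $r['method'] === 'POST'
        || ($r['method'] === 'GET' && strpos($r['uri'], '?') !== false);
    if (!$stateChanging) {
        return false;
    }
    if ($r['referer'] === '' || $r['referer'] === '-') {
        return true;
    }
    $host = parse_url($r['referer'], PHP_URL_HOST);
    return !is_string($host) || strcasecmp($host, $siteHost) !== 0;
}

function find_csrf_candidates(array $lines, string $siteHost = SITE_HOST): array
{
    $hits = [];
    foreach ($lines as $line) {
        $r = parse_combined($line);
        if ($r !== null && is_csrf_candidate($r, $siteHost)) {
            $hits[] = $r;
        }
    }
    return $hits;
}

// Constructed sample: a legitimate deletion from the admin UI, one from a lure
// page, one with the Referer suppressed (placeholder query string), a plain page
// load of the endpoint, and an unrelated request.
$sample = [
    '198.51.100.7 - - [12/May/2024:10:01:02 +0000] "POST /admin/ca_deal.php HTTP/1.1" 302 0 "https://cms.example.test/admin/" "Mozilla/5.0"',
    '198.51.100.7 - - [12/May/2024:10:03:15 +0000] "POST /admin/ca_deal.php HTTP/1.1" 302 0 "https://lure.example/win.html" "Mozilla/5.0"',
    '198.51.100.7 - - [12/May/2024:10:03:16 +0000] "GET /admin/ca_deal.php?id=3 HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/May/2024:10:04:00 +0000] "GET /admin/ca_deal.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [12/May/2024:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 4020 "-" "curl/8.0"',
];

foreach (find_csrf_candidates($sample) as $h) {
    printf("%s %s %s %s referer=%s\n", $h['time'], $h['ip'], $h['method'], $h['uri'], $h['referer']);
}
```

Run against a real log with `find_csrf_candidates(file('access.log', FILE_IGNORE_NEW_LINES))`. Only the second and third sample lines are reported; the first is same-site, the fourth is a plain GET of the page, and the fifth is a different path. Tuning lives in `is_csrf_candidate`: if the CMS only ever deletes via POST, drop the parameterised-GET clause to cut noise.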
