CVE-2024-36550

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in idccms V1.35 lets an attacker trick an authenticated administrator's browser into sending crafted requests to the admin panel. The affected endpoint performs no CSRF check, so the attacker can add VPS company entries through the administrator's session without that administrator's intent. Only administrators with access to the vulnerable admin endpoint are affected.

💻 Affected Systems

Products:
  • idccms
Versions: V1.35
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrator authentication to exploit. The vulnerability exists in the admin panel functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could add malicious VPS company entries, potentially leading to data manipulation, privilege escalation, or further compromise of the CMS installation.

🟠 Likely Case

Unauthorized addition of VPS company entries in the admin panel, potentially disrupting business operations or enabling further attacks.

🟢 If Mitigated

With proper CSRF protections, the vulnerability would be blocked, preventing unauthorized actions even if administrators visit malicious pages.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well-understood and easy to weaponize. The GitHub reference shows proof-of-concept details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Implement CSRF tokens in /admin/vpsCompany_deal.php and validate them on all POST requests.

🔧 Temporary Workarounds

Implement CSRF Protection (applies to: all)
  • Add CSRF tokens to forms and validate them server-side
  • Edit /admin/vpsCompany_deal.php to include CSRF token generation and validation

Restrict Admin Access (applies to: all)
  • Limit admin panel access to specific IP addresses or networks
  • Add IP restrictions in .htaccess or the web server configuration for the /admin/ directory
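The CSRF-token mitigation named in the official-fix instructions and in the first workaround, as an added example that is not idccms code: it assumes the CMS keeps the admin login in a PHP session, and the form field name csrf_token and the function names are ours.

```php
<?php
// Added example (not idccms code): CSRF protection for a state-changing admin
// script such as /admin/vpsCompany_deal.php (path taken from the advisory).
// Assumption: the CMS keeps the admin login in a PHP session.
declare(strict_types=1);
if (session_status() !== PHP_SESSION_ACTIVE) {
    // SameSite=Strict keeps the browser from attaching the session cookie to
    // cross-site POSTs, so a forged request arrives without the admin session.
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
    session_start();
}

// One random token per session, stored server-side and echoed into every form.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison; a missing, non-string or foreign token fails closed.
function csrf_valid($submitted): bool {
    $expected = $_SESSION['csrf_token'] ?? '';
    return is_string($submitted) && $expected !== '' && hash_equals($expected, $submitted);
}

// Defence in depth: browsers send Origin on cross-site POSTs, so a present
// Origin whose host is not ours cannot have come from our own admin UI.
function origin_allowed(array $server): bool {
    if (!isset($server['HTTP_ORIGIN'])) {
        return true; // absent on some same-origin requests; the token check still applies
    }
    $ours   = strtolower(explode(':', $server['HTTP_HOST'] ?? '')[0]);
    $theirs = strtolower((string) parse_url($server['HTTP_ORIGIN'], PHP_URL_HOST));
    return $ours !== '' && $ours === $theirs;
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_valid($_POST['csrf_token'] ?? null) || !origin_allowed($_SERVER)) {
        http_response_code(403);
        exit('Request rejected: missing or invalid CSRF token');
    }
    // ... the script's existing "add VPS company" handling continues here.
}
?>
<!-- The admin form carries the token; the action URL is the endpoint named above. -->
<form method="post" action="/admin/vpsCompany_deal.php?mudi=add&amp;nohrefStr=close">
  <input type="hidden" name="csrf_token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <!-- existing VPS company fields and submit button go here -->
</form>
```

The Origin check only rejects when a foreign Origin is present, so the session-bound token remains the primary control; the SameSite cookie attribute is a third, browser-enforced layer.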

🧯 If You Can't Patch

  • Implement strict SameSite cookie policies for session cookies
  • Require re-authentication for sensitive admin actions

🔍 How to Verify

Check if Vulnerable:

Check whether the /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close endpoint accepts POST requests without validating a CSRF token

Check Version:

Check CMS version in admin panel or configuration files

Verify Fix Applied:

Verify that POST requests to the vulnerable endpoint now require and validate CSRF tokens

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /admin/vpsCompany_deal.php from different referrers
  • Unauthorized VPS company additions in admin logs

Network Indicators:

  • HTTP requests to the vulnerable endpoint with suspicious referrer headers

SIEM Query:

source="web_logs" AND uri="/admin/vpsCompany_deal.php" AND method="POST" AND NOT referrer CONTAINS "your-domain.com"
