CVE-2024-36667

8.8 HIGH

📋 TL;DR

This cross-site request forgery (CSRF) vulnerability in idccms v1.35 lets an attacker trick an authenticated administrator into performing unauthorized actions simply by getting them to visit a malicious web page. Through the vulnerable admin endpoint the attacker can add new product types without the victim's knowledge. Only administrators with access to the admin panel are affected.

💻 Affected Systems

Products:
  • idccms
Versions: v1.35
Operating Systems: Any OS running idccms
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with admin panel accessible and administrators logged in.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could add malicious product types, modify system configurations, or chain this flaw with other vulnerabilities to gain full system control.

🟠 Likely Case

Attackers add unauthorized product types or modify existing ones, potentially disrupting business operations or inserting malicious content.

🟢 If Mitigated

With proper CSRF protections in place, the attack fails because requests without a valid token are rejected.

🌐 Internet-Facing: HIGH - The admin panel is typically internet-facing, so any administrator who visits an attacker-controlled page while logged in is exposed.
🏢 Internal Only: MEDIUM - Even if the admin panel is internal-only, the forged request is sent by the administrator's own browser, so it can still be triggered via phishing or a compromised internal system.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the victim to be logged into the admin panel and visit a malicious page. The vulnerability is well-documented in public repositories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement CSRF protection manually.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all platforms)

  • Add CSRF token validation to the /admin/idcProType_deal.php endpoint
  • Modify the PHP code to generate a unique token per session and validate it on every state-changing request

SameSite Cookie Attribute (applies to: all platforms)

  • Set the SameSite=Strict attribute on session cookies
  • Use session.cookie_samesite = Strict in php.ini, or pass SameSite=Strict in the options array of setcookie()
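The two workarounds above (per-session CSRF token plus a SameSite session cookie) in one PHP fragment, as an added example that is not idccms code and is not taken from this advisory. The function names, the session key csrf_token, the form field _csrf and the header X-CSRF-Token are assumptions chosen for the example; the only page-specific value is the endpoint path.

```php
<?php
// Added example (not idccms code): per-session CSRF token plus a SameSite session
// cookie for a PHP admin endpoint such as /admin/idcProType_deal.php.
// Names csrf_token, _csrf and X-CSRF-Token are assumptions, not idccms identifiers.

declare(strict_types=1);

// 1. Harden the session cookie before the session starts (the 'samesite' option
//    of session_set_cookie_params() exists since PHP 7.3).
function startHardenedSession(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    session_set_cookie_params([
        'path'     => '/',
        'httponly' => true,
        'secure'   => true,      // requires HTTPS; relax only for local testing
        'samesite' => 'Strict',  // browser omits the cookie on cross-site requests
    ]);
    session_start();
}

// 2. Issue one unpredictable token per session and keep it server-side.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// 3. Render the hidden field inside every admin form that changes state.
function csrfField(): string
{
    return '<input type="hidden" name="_csrf" value="'
        . htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8') . '">';
}

// 4. Reject any state-changing request whose token is missing or does not match.
//    hash_equals() compares in constant time so the token does not leak via timing.
function requireValidCsrfToken(): void
{
    $sent     = $_POST['_csrf'] ?? $_SERVER['HTTP_X_CSRF_TOKEN'] ?? '';
    $expected = $_SESSION['csrf_token'] ?? '';
    if ($expected === '' || !is_string($sent) || !hash_equals($expected, $sent)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}

// Usage at the top of the deal script, before the mudi=add branch runs.
startHardenedSession();
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    requireValidCsrfToken();
}
// ... existing product-type add/edit logic continues here ...
```

The token check only helps if every state-changing action goes through POST (or another non-GET method); a script that also mutates data on a plain GET remains forgeable regardless of the token. SameSite=Strict is a defence in depth, not a substitute: older browsers ignore it, and it also blocks legitimate links into the admin panel from other sites, which is usually acceptable for an admin interface.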

🧯 If You Can't Patch

  • Restrict admin panel access to specific IP addresses or VPN only
  • Implement web application firewall (WAF) rules to detect and block CSRF attempts

🔍 How to Verify

Check if Vulnerable:

Check if /admin/idcProType_deal.php?mudi=add&nohrefStr=close endpoint accepts POST requests without CSRF token validation

Check Version:

Check idccms version in admin panel or configuration files

Verify Fix Applied:

Test that the endpoint now requires and validates a CSRF token for all state-changing operations

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to /admin/idcProType_deal.php from different referrers
  • Unusual product type additions in admin logs

Network Indicators:

  • HTTP requests to vulnerable endpoint with suspicious referrer headers
  • Pattern of requests without CSRF tokens

SIEM Query:

source="web_logs" AND uri="/admin/idcProType_deal.php" AND method="POST" AND NOT csrf_token=*
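The log indicators above, applied to access-log lines, as an added example that is not part of the advisory. It scans Apache "combined" format lines for POSTs to the vulnerable endpoint whose Referer is absent or names a host other than the admin panel's own host; the host name cms.example.test and the four log lines are constructed for the example, and the function names are assumptions.

```php
<?php
// Added example (not part of the advisory or idccms): flag POSTs to the vulnerable
// endpoint whose Referer is missing or points to a foreign host. The host name and
// log lines below are constructed sample data.

declare(strict_types=1);

const TARGET_PATH = '/admin/idcProType_deal.php';

// Apache combined format: ip - user [time] "METHOD path proto" status size "referer" "ua"
const LOG_PATTERN = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "[^"]*"$/';

/** Return one record per suspicious request found in $lines. */
function findSuspiciousRequests(array $lines, string $trustedHost): array
{
    $hits = [];
    foreach ($lines as $line) {
        if (!preg_match(LOG_PATTERN, $line, $m)) {
            continue; // not a combined-format line; skip rather than guess
        }
        [, $ip, $time, $method, $uri, $status, $referer] = $m;
        if ($method !== 'POST' || parse_url($uri, PHP_URL_PATH) !== TARGET_PATH) {
            continue;
        }
        $refHost = ($referer === '-' || $referer === '')
            ? null
            : parse_url($referer, PHP_URL_HOST);
        // A POST to the deal script should only ever originate from the admin panel itself.
        if ($refHost === null || strcasecmp($refHost, $trustedHost) !== 0) {
            $hits[] = [
                'ip'      => $ip,
                'time'    => $time,
                'uri'     => $uri,
                'status'  => (int) $status,
                'referer' => $referer,
                'reason'  => $refHost === null ? 'missing referer' : "foreign referer $refHost",
            ];
        }
    }
    return $hits;
}

// Constructed sample lines: one normal admin flow, then two that should be flagged.
$sample = [
    '203.0.113.5 - - [10/Jun/2024:10:01:02 +0000] "GET /admin/idcProType.php HTTP/1.1" 200 512 "https://cms.example.test/admin/" "Mozilla/5.0"',
    '203.0.113.5 - - [10/Jun/2024:10:01:15 +0000] "POST /admin/idcProType_deal.php?mudi=add&nohrefStr=close HTTP/1.1" 302 0 "https://cms.example.test/admin/idcProType.php?mudi=add" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jun/2024:10:05:40 +0000] "POST /admin/idcProType_deal.php?mudi=add&nohrefStr=close HTTP/1.1" 302 0 "https://third-party.example/page.html" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jun/2024:10:06:01 +0000] "POST /admin/idcProType_deal.php?mudi=add&nohrefStr=close HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
];

foreach (findSuspiciousRequests($sample, 'cms.example.test') as $hit) {
    printf("%s %s %s -> %s\n", $hit['time'], $hit['ip'], $hit['uri'], $hit['reason']);
}
```

A missing Referer on its own is weaker evidence than a foreign one, since browsers drop it under a strict Referrer-Policy; treat those hits as items to review against the admin audit log (was a product type actually created at that time?) rather than as confirmed attacks. Note that ordinary web-server logs do not record POST bodies, so the "NOT csrf_token=*" clause of the SIEM query above only works once the application itself logs whether a token was present and valid.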
