CVE-2024-39119

5.4 MEDIUM

📋 TL;DR

This CSRF vulnerability in idccms v1.35 allows attackers to trick authenticated administrators into performing unauthorized actions via the admin/info_deal.php endpoint. Attackers can modify system information or settings when administrators visit malicious pages while logged in. Only administrators with access to the admin panel are affected.

💻 Affected Systems

Products:
  • idccms
Versions: v1.35
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with the admin panel accessible and administrators who can be tricked into visiting malicious sites while authenticated.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could modify critical system settings, change administrator credentials, or inject malicious content that affects all users of the CMS.

🟠 Likely Case

Attackers modify website information, change contact details, or alter configuration settings that don't require authentication changes.

🟢 If Mitigated

With proper CSRF protections and administrator awareness, exploitation attempts would fail or be detected before causing damage.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires social engineering to trick authenticated administrators into clicking malicious links.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing CSRF protections manually.

🔧 Temporary Workarounds

Implement CSRF Tokens

Applies to: all

Add CSRF token validation to admin/info_deal.php and all admin endpoints.

Modify PHP files to include and validate CSRF tokens on form submissions.

Restrict Admin Panel Access

Applies to: all

Limit admin panel access to specific IP addresses or internal networks only.

Add IP whitelisting to .htaccess or web server configuration for the /admin/ directory.
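The "Implement CSRF Tokens" workaround above, as an added example that is not idccms code: a small PHP helper that issues a per-session token, embeds it in admin forms, and rejects state-changing requests whose token does not match (with an Origin/Referer host check as defence in depth). Function names, the session key, and the form field name are assumptions; include it at the top of admin/info_deal.php and the other admin handlers before any settings are written.

```php
<?php
// Added example, not part of idccms. Names below (csrf_token, csrf_field,
// csrf_validate, the session key and form field) are assumptions.

// Lax SameSite keeps the session cookie off cross-site POSTs; 'secure' needs HTTPS.
session_set_cookie_params(['samesite' => 'Lax', 'httponly' => true, 'secure' => true]);
session_start();

// Issue (or reuse) a per-session token: 32 random bytes, hex-encoded.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to embed in every admin form that changes state.
function csrf_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// True only when the submitted token matches the session token (constant-time
// compare) and, when an Origin or Referer header is present, it names our host.
// A missing Referer is tolerated here; the SIEM query in this advisory flags it.
function csrf_validate(array $post, array $server, string $expected_host): bool {
    $submitted = $post['csrf_token'] ?? '';
    $session   = $_SESSION['csrf_token'] ?? '';
    // is_string() guards against csrf_token[]=... turning the value into an array.
    if ($session === '' || !is_string($submitted) || !hash_equals($session, $submitted)) {
        return false;
    }
    $origin = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? null;
    if ($origin !== null) {
        $host = parse_url($origin, PHP_URL_HOST);
        if (!is_string($host) || strcasecmp($host, $expected_host) !== 0) {
            return false;
        }
    }
    return true;
}

// Gate the handler: reject any POST that fails validation before doing work.
// In production pass a configured hostname rather than trusting SERVER_NAME.
if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && !csrf_validate($_POST, $_SERVER, $_SERVER['SERVER_NAME'] ?? '')) {
    http_response_code(403);
    exit('CSRF check failed');
}
```

Every admin form must then emit csrf_field() inside its form body; the "Verify Fix Applied" step above is satisfied when a POST without the field (or with a wrong value) receives the 403.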

🧯 If You Can't Patch

  • Educate administrators about CSRF risks and safe browsing practices
  • Implement SameSite cookies and additional authentication steps for sensitive actions

🔍 How to Verify

Check if Vulnerable:

Check if admin/info_deal.php endpoint accepts POST requests without CSRF token validation

Check Version:

Check CMS version in admin panel or configuration files

Verify Fix Applied:

Test that admin endpoints reject requests without valid CSRF tokens

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed admin actions from same session
  • Admin actions without referrer headers

Network Indicators:

  • External domains making requests to admin endpoints
  • Suspicious referrer URLs in admin requests

SIEM Query:

source="web_logs" AND uri="/admin/info_deal.php" AND (referrer NOT CONTAINS "yourdomain.com" OR referrer="-")
