CVE-2024-39154

8.8 HIGH

📋 TL;DR

This cross-site request forgery (CSRF) flaw in idccms v1.35 lets an attacker who lures a logged-in administrator to a malicious web page issue keyword-deletion requests (/admin/keyWord_deal.php?mudi=del) inside that admin's browser session, without the admin's knowledge or consent. The attacker needs no credentials of their own; the victim must be an administrator authenticated to the vulnerable admin panel.

💻 Affected Systems

Products:
  • idccms
Versions: v1.35
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a victim administrator who is authenticated to the admin panel; the attacker holds no credentials.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could delete all keyword data, disrupting site content and SEO, and potentially chain the forged admin request with other flaws reachable from the admin session.

🟠 Likely Case

Targeted deletion of specific keywords to disrupt content management or SEO.

🟢 If Mitigated

Minimal impact once per-request CSRF tokens are enforced on the deletion endpoint and administrators are aware of the risk.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: No (the attacker needs no credentials, but a logged-in administrator must be lured to the malicious page)
Complexity: LOW

CSRF attacks are well understood and trivial to build (a hidden form or an image tag pointing at the deletion URL suffices); the only obstacle is luring an authenticated admin to attacker-controlled content while the admin session cookie is still valid.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Mitigate by adding a per-session CSRF token to the keyword-management forms and rejecting any del action on /admin/keyWord_deal.php that does not carry a valid token. Also refuse state-changing actions over GET and check that the Origin (or Referer) header names the site's own admin host.

🔧 Temporary Workarounds

Implement CSRF Protection (platform: all)

Add CSRF tokens to forms and validate them server-side: edit /admin/keyWord_deal.php to include and verify a per-session token on the del action, compare it in constant time, and reject requests whose Origin/Referer does not match the admin host. Setting the session cookie with SameSite=Lax or Strict adds a browser-side layer but is not a substitute for the token check.
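The following is an added example of the token check described above; it is not idccms's own code, and ADMIN_HOST, csrf_token(), csrf_field(), csrf_check(), handle_del() and delete_keyword() are hypothetical names chosen for this illustration. Run from the command line it replays two constructed requests against the same session: a forged one from a lure page (no token, foreign Referer), which is rejected with 403, and a legitimate one carrying the session token from the admin form, which is accepted.

```php
<?php
// Added example, not idccms's own code: a CSRF-protected shape for the
// keyword "del" action in /admin/keyWord_deal.php. ADMIN_HOST, csrf_*(),
// handle_del() and delete_keyword() are hypothetical names.

declare(strict_types=1);

// Host the admin panel is served on. Configure it explicitly; do not derive it
// from the Host header, which a client can set on a default virtual host.
const ADMIN_HOST = 'cms.example.com';

// Issue one random token per session and embed it in every admin form.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Hidden field to place inside the keyword-management <form method="post">.
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8') . '">';
}

// Decide whether a state-changing request may proceed. All three checks must
// pass: POST only (a GET ?mudi=del can be fired from an <img src>), a token
// matching the session in constant time, and an Origin/Referer naming our host.
// A request with neither Origin nor Referer is treated as a failure, not a pass.
function csrf_check(array $server, array $post, array $session, string $expectedHost): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    $sent = $post['csrf_token'] ?? null;
    $expected = $session['csrf_token'] ?? '';
    if ($expected === '' || !is_string($sent) || !hash_equals($expected, $sent)) {
        return false;
    }
    $origin = $server['HTTP_ORIGIN'] ?? ($server['HTTP_REFERER'] ?? '');
    $host = $origin === '' ? '' : (string) parse_url($origin, PHP_URL_HOST);
    return $host !== '' && strcasecmp($host, $expectedHost) === 0;
}

// Stand-in for the CMS's own delete query (hypothetical).
function delete_keyword(int $id): void
{
    echo "keyword {$id} deleted\n";
}

// Request handling as it would sit in keyWord_deal.php; returns the HTTP status.
function handle_del(array $server, array $get, array $post, array $session): int
{
    if (($get['mudi'] ?? '') !== 'del') {
        return 404;
    }
    if (!csrf_check($server, $post, $session, ADMIN_HOST)) {
        return 403; // caller emits the status and stops; nothing is deleted
    }
    delete_keyword((int) ($post['id'] ?? 0));
    return 200;
}

if (PHP_SAPI === 'cli') {
    // Offline demo with constructed requests instead of a live session.
    $session = [];
    $token = csrf_token($session);

    // 1. Cross-site lure page: attacker cannot read the token; Referer is foreign.
    $forged = ['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => 'https://attacker.example/lure.html'];
    echo 'forged request -> ', handle_del($forged, ['mudi' => 'del'], ['id' => '7'], $session), "\n";

    // 2. Legitimate submission from the admin form carrying the session token.
    $legit = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://cms.example.com'];
    echo 'legit request  -> ', handle_del($legit, ['mudi' => 'del'], ['id' => '7', 'csrf_token' => $token], $session), "\n";
} else {
    session_start();
    http_response_code(handle_del($_SERVER, $_GET, $_POST, $_SESSION));
}
```

The Origin/Referer comparison is a second line of defence only: browsers may omit both headers, and a reverse proxy can rewrite them, so the per-session token remains the check that must never be skipped.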

Restrict Admin Access (platform: all)

Limit admin panel access to trusted IPs or a VPN by adding IP restrictions in .htaccess or the web server config. This narrows who can be a victim but does not stop CSRF for an admin browsing from an allowed address, since the forged request comes from the admin's own browser.

🧯 If You Can't Patch

  • Educate administrators about CSRF risks and safe browsing practices.
  • Monitor admin activity logs for unauthorized keyword deletions.

🔍 How to Verify

Check if Vulnerable:

Inspect the del branch of /admin/keyWord_deal.php: if it deletes the keyword without first verifying a per-session token (and without checking the Origin/Referer header), the installation is vulnerable. v1.35 performs no such check.

Check Version:

Check CMS version in admin panel or configuration files.

Verify Fix Applied:

Send a keyword-deletion request without the token, and one with a stale or wrong token, and confirm both are rejected (for example with HTTP 403) and that no keyword is removed; then confirm a request carrying the current session token still succeeds.

📡 Detection & Monitoring

Log Indicators:

  • Several keyword deletions from one admin session within a short window, particularly right after the admin loaded a page unrelated to keyword management
  • Deletion requests from a session that never requested the keyword-management page beforehand, or that arrive over GET rather than from the form's POST

Network Indicators:

  • Requests to /admin/keyWord_deal.php?mudi=del whose Referer or Origin header is absent or names a host other than the site's own admin host

SIEM Query:

source="web_logs" AND uri="/admin/keyWord_deal.php" AND query CONTAINS "mudi=del" AND NOT referrer STARTS WITH "https://<your-admin-host>/"

Replace <your-admin-host> with the host the admin panel is served on. Alert as well when the referrer field is empty or "-": browsers strip it under Referrer-Policy: no-referrer, and a forged GET fired from an image tag often arrives without one. Do not match on the substring "admin": an attacker's lure URL can contain that word.
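To make the indicators above concrete, the following added example (not part of the original page or of idccms) scans combined-format access log lines and reports keyword-deletion requests that arrive over GET, without a Referer, or with a Referer from a host other than the site's own. SITE_HOST, the function names and the four sample log lines are constructed for this illustration; point the script at a real log by replacing $sample with file() output.

```php
<?php
// Added example, not part of the original page or of idccms: flag keyword
// deletion requests in Apache/nginx combined-format access logs whose
// method or Referer does not match a legitimate admin-form submission.
// SITE_HOST, the function names and the sample lines are constructed here.

declare(strict_types=1);

const SITE_HOST   = 'cms.example.com';
const TARGET_PATH = '/admin/keyWord_deal.php';

// Parse one combined-log line into its fields; null if the line does not match.
function parse_log_line(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return ['ip' => $m[1], 'time' => $m[2], 'method' => $m[3], 'target' => $m[4],
            'status' => (int) $m[5], 'referer' => $m[6], 'ua' => $m[7]];
}

// Reasons a request looks like a forged keyword deletion; [] when the request
// is not a deletion at all or looks like a legitimate form submission.
function deletion_reasons(array $e, string $siteHost): array
{
    $url  = parse_url($e['target']);
    $path = $url['path'] ?? '';
    parse_str($url['query'] ?? '', $q);
    if (strcasecmp($path, TARGET_PATH) !== 0 || ($q['mudi'] ?? '') !== 'del') {
        return [];
    }
    $reasons = [];
    if ($e['method'] !== 'POST') {
        $reasons[] = "deletion over {$e['method']}: triggerable by a plain link or <img> tag";
    }
    $ref = $e['referer'];
    if ($ref === '' || $ref === '-') {
        $reasons[] = 'no Referer: lure page with Referrer-Policy no-referrer, or a scripted client';
    } else {
        $host = (string) parse_url($ref, PHP_URL_HOST);
        if (strcasecmp($host, $siteHost) !== 0) {
            $reasons[] = "Referer host '{$host}' is not {$siteHost}";
        }
    }
    return $reasons;
}

// Scan many lines; returns [line number, parsed entry, reasons] for each hit.
function scan(array $lines, string $siteHost): array
{
    $hits = [];
    foreach ($lines as $i => $line) {
        $e = parse_log_line(rtrim($line, "\r\n"));
        if ($e === null) {
            continue;
        }
        $why = deletion_reasons($e, $siteHost);
        if ($why !== []) {
            $hits[] = [$i + 1, $e, $why];
        }
    }
    return $hits;
}

// Constructed sample: a legitimate deletion from the admin form, a forged one
// submitted from a lure page, a forged GET with no Referer, and an unrelated hit.
$sample = [
    '203.0.113.5 - admin [10/Jul/2024:09:12:01 +0000] "POST /admin/keyWord_deal.php?mudi=del HTTP/1.1" 200 312 "https://cms.example.com/admin/keyWord.php" "Mozilla/5.0"',
    '203.0.113.5 - admin [10/Jul/2024:09:15:44 +0000] "POST /admin/keyWord_deal.php?mudi=del HTTP/1.1" 200 312 "https://attacker.example/lure.html" "Mozilla/5.0"',
    '203.0.113.5 - admin [10/Jul/2024:09:15:45 +0000] "GET /admin/keyWord_deal.php?mudi=del&id=3 HTTP/1.1" 200 312 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [10/Jul/2024:09:16:02 +0000] "GET /index.php HTTP/1.1" 200 8112 "-" "Mozilla/5.0"',
];

foreach (scan($sample, SITE_HOST) as [$n, $e, $why]) {
    printf("line %d  %s  %s %s\n  - %s\n", $n, $e['ip'], $e['method'], $e['target'], implode("\n  - ", $why));
}
```

Only the second and third sample lines are reported; the first is a normal same-origin POST and the fourth never touches the deletion endpoint. A missing Referer is flagged rather than ignored because that is exactly what a lure page with a restrictive Referrer-Policy produces.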
