CVE-2024-40331

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in idccms v1.35 allows attackers to trick authenticated administrators into performing unauthorized database backup operations: an administrator who visits a page the attacker controls while logged in has a backup command issued from their browser without their knowledge. It affects every idccms v1.35 deployment whose administrative interface is reachable from the browsers administrators use.

💻 Affected Systems

Products:
  • idccms
Versions: v1.35
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires administrative access to the CMS interface. The vulnerability exists in the database backup functionality.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could force database backups to attacker-controlled locations, potentially exfiltrating sensitive data including user credentials, personal information, and application data.

🟠 Likely Case

Attackers create malicious web pages that trigger unauthorized database backups when visited by authenticated administrators, potentially leading to data exposure.

🟢 If Mitigated

With proper CSRF protections and network segmentation, impact is limited to unauthorized backup operations that administrators can detect and reverse.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the victim to be authenticated as an administrator and visit a malicious page while logged in. The exploit is simple to implement.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch available. Implement CSRF tokens in /admin/dbBakMySQL_deal.php and validate all POST requests. Update to a newer version if available.

🔧 Temporary Workarounds

Implement CSRF Protection

Applies to: all
What: Add CSRF tokens to the database backup form and validate them server-side
How: Edit /admin/dbBakMySQL_deal.php to include CSRF token generation and validation

Restrict Admin Access

Applies to: all
What: Limit administrative interface access to specific IP addresses or networks
How: Add IP-based restrictions to .htaccess or web server configuration for the /admin/ directory
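The official-fix instructions and the first workaround both call for the same change: a per-session CSRF token that the backup form carries and the handler validates before doing anything. The block below is an added example of that pattern written for this page, not idccms code and not a vendor patch; the helper names (`csrf_token`, `csrf_verify`, `csrf_field`, `require_csrf_post`) and the assumption that the handler runs inside a PHP session are mine. The only identifiers taken from the page are the handler path and the `mudi=backup` action.

```php
<?php
// Added example: CSRF protection for a state-changing admin action.
// Helper names below are hypothetical; the only page-derived details are
// the handler path /admin/dbBakMySQL_deal.php and the mudi=backup action.
declare(strict_types=1);

// Defense in depth (assumes PHP >= 7.3): a SameSite session cookie is not sent
// on cross-site POSTs by most browsers, and HttpOnly keeps it away from scripts.
// 'secure' => true is appropriate once the admin panel is served only over HTTPS.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Lax']);
session_start();

/**
 * Return the per-session CSRF token, creating it on first use.
 * 32 bytes from the CSPRNG, hex-encoded, so the value is unguessable.
 */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/**
 * Compare the submitted token with the session token.
 * hash_equals() runs in constant time, so a wrong guess does not reveal
 * how many leading characters matched.
 */
function csrf_verify(?string $submitted): bool
{
    if (!isset($_SESSION['csrf_token']) || $submitted === null) {
        return false;
    }
    return hash_equals($_SESSION['csrf_token'], $submitted);
}

/**
 * Hidden form field to embed in the backup form on the admin page.
 * Escaped with htmlspecialchars so the token can never break out of the attribute.
 */
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * Gate for the handler: only a POST that carries a valid token gets through.
 * Rejecting GET closes the variant where a backup is triggered by a plain
 * image or link load; rejecting a missing or wrong token closes forged POSTs.
 */
function require_csrf_post(): void
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(405);
        exit('Method not allowed');
    }
    if (!csrf_verify($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token');
    }
}

// At the top of the backup handler, before any backup work is performed:
if (($_GET['mudi'] ?? '') === 'backup') {
    require_csrf_post();
    // ... existing backup logic continues here unchanged ...
}
```

Two things to keep in mind when applying this: the token must be checked for every action the handler exposes, not only `backup`, or the unprotected actions remain forgeable; and the token lives in the server-side session, so it is never placed in a cookie where a cross-site request would carry it along automatically.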

🧯 If You Can't Patch

  • Implement network segmentation to isolate the CMS admin interface from untrusted networks
  • Use browser extensions that block CSRF attacks and educate administrators about phishing risks

🔍 How to Verify

Check if Vulnerable:

Check whether /admin/dbBakMySQL_deal.php?mudi=backup accepts a POST request without CSRF token validation, i.e. whether a request that carries only the session cookie and no per-request token is still processed

Check Version:

Check CMS version in admin panel or configuration files

Verify Fix Applied:

Test that database backup requests require valid CSRF tokens and fail without them

📡 Detection & Monitoring

Log Indicators:

  • Multiple database backup requests from unusual IP addresses
  • Backup requests without corresponding admin login events

Network Indicators:

  • HTTP POST requests to /admin/dbBakMySQL_deal.php with backup parameters from non-admin sources

SIEM Query:

source_ip NOT IN admin_ips AND uri_path='/admin/dbBakMySQL_deal.php' AND method='POST'
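The SIEM query above keys on source IP, request method and path. The following added example (written for this page, not part of it or of idccms) runs the same logic over a few constructed Apache combined-format log lines and adds one signal the page does not list: a Referer whose host is not the CMS's own host, which is the normal shape of a cross-site POST. The log lines, IP addresses, hostnames and the admin allowlist are all constructed sample values; the request path and the `mudi=backup` parameter come from the page.

```php
<?php
// Added example: flag backup POSTs that look cross-site or come from outside
// the admin allowlist. Sample log lines, IPs and hostnames are constructed.
declare(strict_types=1);

const BACKUP_PATH = '/admin/dbBakMySQL_deal.php';

// Constructed sample traffic in Apache "combined" format (not real logs).
// Line 1: non-admin IP, Referer from a foreign host  -> two reasons to alert
// Line 2: admin IP, Referer from the CMS itself       -> legitimate, no alert
// Line 3: GET to an unrelated page                    -> ignored
// Line 4: admin IP, but Referer from a foreign host   -> one reason to alert
const SAMPLE_LOG = <<<'LOG'
203.0.113.7 - - [10/Jun/2024:09:12:01 +0000] "POST /admin/dbBakMySQL_deal.php?mudi=backup HTTP/1.1" 200 512 "http://foreign-site.example/page.html" "Mozilla/5.0"
192.0.2.10 - - [10/Jun/2024:09:13:44 +0000] "POST /admin/dbBakMySQL_deal.php?mudi=backup HTTP/1.1" 200 512 "https://cms.example/admin/dbBakMySQL.php" "Mozilla/5.0"
203.0.113.7 - - [10/Jun/2024:09:14:02 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Jun/2024:09:20:17 +0000] "POST /admin/dbBakMySQL_deal.php?mudi=backup HTTP/1.1" 200 512 "http://foreign-site.example/" "Mozilla/5.0"
LOG;

/** Parse one combined-format line into its fields, or null if it does not match. */
function parse_combined(string $line): ?array
{
    $re = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$/';
    if (!preg_match($re, $line, $m)) {
        return null;
    }
    return [
        'ip'      => $m[1],
        'time'    => $m[2],
        'method'  => $m[3],
        'uri'     => $m[4],
        'status'  => (int) $m[5],
        'referer' => $m[6],
        'ua'      => $m[7],
    ];
}

/**
 * Return one alert per backup POST that either did not come from an admin IP
 * or carried a Referer from a host other than the CMS itself.
 * A missing Referer ("-") is reported too, but browsers and privacy extensions
 * strip Referer legitimately, so treat that reason as weaker than a foreign host.
 */
function find_suspicious_backups(array $lines, array $adminIps, string $cmsHost): array
{
    $alerts = [];
    foreach ($lines as $line) {
        $e = parse_combined(trim($line));
        if ($e === null) {
            continue;
        }
        // Compare on the path only, so ?mudi=backup and other query strings all match.
        if ($e['method'] !== 'POST' || parse_url($e['uri'], PHP_URL_PATH) !== BACKUP_PATH) {
            continue;
        }

        $reasons = [];
        if (!in_array($e['ip'], $adminIps, true)) {
            $reasons[] = 'source IP not in admin allowlist';
        }
        $refHost = $e['referer'] === '-' ? null : parse_url($e['referer'], PHP_URL_HOST);
        if ($refHost !== $cmsHost) {
            $reasons[] = 'Referer host is ' . ($refHost ?? 'absent') . ', expected ' . $cmsHost;
        }
        if ($reasons !== []) {
            $alerts[] = ['time' => $e['time'], 'ip' => $e['ip'], 'uri' => $e['uri'], 'reasons' => $reasons];
        }
    }
    return $alerts;
}

// Constructed allowlist and CMS hostname for the sample above.
$alerts = find_suspicious_backups(explode("\n", SAMPLE_LOG), ['192.0.2.10'], 'cms.example');
foreach ($alerts as $a) {
    printf("[%s] %s POST %s: %s\n", $a['time'], $a['ip'], $a['uri'], implode('; ', $a['reasons']));
}
```

On the constructed sample this prints two alerts: the first line for both reasons, and the fourth line for the foreign Referer alone. The fourth case is the one the page's IP-only query misses, because a CSRF request is issued by the administrator's own browser and therefore arrives from an allowlisted address.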
