CVE-2024-42629

8.8 HIGH

📋 TL;DR

FrogCMS v0.9.5 contains a Cross-Site Request Forgery (CSRF) vulnerability in the page edit functionality at /admin/?/page/edit/10. This allows attackers to trick authenticated administrators into performing unauthorized page modifications. All FrogCMS v0.9.5 installations with the admin interface accessible are affected.

💻 Affected Systems

Products:
  • FrogCMS
Versions: v0.9.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires admin authentication but can be exploited via CSRF when admin is logged in.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could modify all website content, inject malicious scripts, deface the site, or create backdoors for persistent access.

🟠 Likely Case

Unauthorized content modification, defacement, or injection of malicious scripts/code into pages.

🟢 If Mitigated

Limited impact with proper CSRF protections, though some risk remains if other vulnerabilities exist.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

CSRF attacks are well-understood and easy to weaponize; exploitation requires tricking an authenticated admin.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available, or implement CSRF protections manually.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all)

Add CSRF token validation to the page edit endpoint to prevent unauthorized requests.

Modify the /admin/?/page/edit/10 endpoint to include and validate CSRF tokens in requests.

Restrict Admin Access (applies to: all)

Limit admin interface access to trusted IP addresses or networks only.

Configure the web server (e.g., Apache .htaccess or Nginx config) to restrict the /admin/ path to specific IPs.

🧯 If You Can't Patch

  • Implement strict SameSite cookie policies and use anti-CSRF tokens in forms.
  • Monitor admin activity logs for unauthorized page modifications and set up alerts.

🔍 How to Verify

Check if Vulnerable:

Check whether the installation is running FrogCMS v0.9.5 and whether the /admin/?/page/edit/10 endpoint lacks CSRF protection (e.g., the edit form carries no per-session token that the server validates).

Check Version:

Check FrogCMS version in admin panel or configuration files.

Verify Fix Applied:

Test that CSRF tokens are required and validated for page edit requests.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected POST requests to /admin/?/page/edit/10 from unusual sources or without referrer headers.

Network Indicators:

  • CSRF attack patterns in web traffic, such as requests lacking CSRF tokens.

SIEM Query:

web_access_logs WHERE uri LIKE '%/admin/?/page/edit/10%' AND method = 'POST' AND (referrer IS NULL OR referrer NOT LIKE '%yourdomain%')
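The SIEM query above, expressed as a small log filter (an added example, not part of the original page): it parses Apache combined-format access lines (constructed samples, not real traffic) and flags POSTs to the page-edit path whose Referer is absent or points to another host. It generalizes slightly beyond the query by matching any page id under /admin/?/page/edit/, not only 10. The trusted host name cms.example.org is an assumed placeholder.

```python
import re
from urllib.parse import urlparse

# Constructed sample lines in Apache "combined" format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Aug/2024:12:00:01 +0000] "GET /admin/?/page/edit/10 HTTP/1.1" 200 5120 "https://cms.example.org/admin/?/page" "Mozilla/5.0"
203.0.113.5 - - [10/Aug/2024:12:00:09 +0000] "POST /admin/?/page/edit/10 HTTP/1.1" 302 0 "https://cms.example.org/admin/?/page/edit/10" "Mozilla/5.0"
198.51.100.7 - - [10/Aug/2024:12:03:40 +0000] "POST /admin/?/page/edit/10 HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Aug/2024:12:05:12 +0000] "POST /admin/?/page/edit/10 HTTP/1.1" 302 0 "http://evil.example.net/lure.html" "Mozilla/5.0"
"""

# Fields of the combined log format; the request URI may contain "?" so \S+ is used.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

def parse_line(line):
    """Return the parsed fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_suspicious(entry, trusted_host, path_prefix="/admin/?/page/edit/"):
    """True for a state-changing POST to the page-edit endpoint whose Referer is
    missing ("-" in Apache logs) or belongs to a host other than the CMS itself."""
    if entry["method"] != "POST" or not entry["uri"].startswith(path_prefix):
        return False
    ref = entry["referer"]
    if ref in ("", "-"):
        return True
    return urlparse(ref).hostname != trusted_host

def find_suspicious(log_text, trusted_host):
    """Return (ip, timestamp, referer) for every line matching the CSRF indicator."""
    hits = []
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and is_suspicious(e, trusted_host):
            hits.append((e["ip"], e["ts"], e["referer"]))
    return hits

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG, "cms.example.org"):
        print("suspicious page-edit POST:", hit)
```

Browsers and privacy extensions may strip the Referer header on legitimate requests, so a missing referrer alone is a weak signal and is best correlated with the session's preceding GET of the edit form.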
