CVE-2024-4587

4.3 MEDIUM

📋 TL;DR

This CSRF vulnerability in DedeCMS allows attackers to trick authenticated administrators into performing unintended actions by visiting malicious web pages. It affects DedeCMS 5.7 installations using the vulnerable tpl.php file. The vulnerability is remotely exploitable and public exploit code exists.

💻 Affected Systems

Products:
  • DedeCMS
Versions: 5.7
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with the vulnerable /src/dede/tpl.php file accessible.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could modify website content, create backdoor accounts, or alter system configuration through authenticated administrator sessions.

🟠

Likely Case

Attackers would modify templates, inject malicious content, or create unauthorized administrator accounts.

🟢

If Mitigated

With proper CSRF protections and administrator awareness, impact would be minimal as attacks require user interaction.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires social engineering to trick authenticated administrators into visiting malicious pages.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider workarounds or upgrading to a different CMS if vendor remains unresponsive.

🔧 Temporary Workarounds

Implement CSRF Tokens

Platform: all

Add CSRF token validation to tpl.php and related admin functions

Manual code modification required: add token generation and validation

Restrict Access to Admin Interface

Platform: linux

Limit admin panel access to specific IP addresses or VPN

# Apache (httpd 2.2-style access control)
Order deny,allow
Deny from all
Allow from 192.168.1.0/24

# Nginx
allow 192.168.1.0/24;
deny all;

🧯 If You Can't Patch

  • Implement web application firewall with CSRF protection rules
  • Educate administrators about phishing risks and require separate browser sessions for admin tasks

🔍 How to Verify

Check if Vulnerable:

Check if /src/dede/tpl.php exists and lacks CSRF token validation in POST requests

Check Version:

Check DedeCMS version in system configuration or admin panel

Verify Fix Applied:

Test that POST requests to tpl.php fail without valid CSRF tokens

📡 Detection & Monitoring

Log Indicators:

  • Multiple POST requests to tpl.php from different referrers
  • Unauthorized template modifications in admin logs

Network Indicators:

  • HTTP requests to tpl.php with suspicious referrer headers
  • Admin session cookies being sent to unexpected domains

SIEM Query:

source="web_logs" AND uri="/src/dede/tpl.php" AND method="POST" AND referrer NOT CONTAINS "yourdomain.com"
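As an added example (not part of the original advisory), the SIEM logic above applied in Python to constructed combined-format web log lines. It compares the Referer host exactly rather than by substring, so a look-alike host such as cms.example.com.evil.example is still flagged, and a missing Referer is treated as unknown origin. SITE_HOST and the sample lines are assumptions.

```python
import re
from urllib.parse import urlparse

# Assumed hostname of the DedeCMS site being defended (hypothetical).
SITE_HOST = "cms.example.com"
ADMIN_ENDPOINT = "/src/dede/tpl.php"

# Apache/Nginx "combined" format: ip - - [ts] "METHOD PATH PROTO" status bytes "referrer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referrer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Constructed sample traffic, not real log data.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2024:09:14:02 +0000] "GET /src/dede/tpl.php?action=list HTTP/1.1" 200 5120 "https://cms.example.com/src/dede/index.php" "Mozilla/5.0"
203.0.113.7 - - [10/May/2024:09:15:11 +0000] "POST /src/dede/tpl.php HTTP/1.1" 200 312 "https://cms.example.com/src/dede/tpl.php" "Mozilla/5.0"
198.51.100.23 - - [10/May/2024:09:16:40 +0000] "POST /src/dede/tpl.php HTTP/1.1" 200 312 "http://attacker.example.net/lure.html" "Mozilla/5.0"
198.51.100.23 - - [10/May/2024:09:16:41 +0000] "POST /src/dede/tpl.php HTTP/1.1" 200 312 "-" "Mozilla/5.0"
198.51.100.23 - - [10/May/2024:09:17:05 +0000] "POST /src/dede/tpl.php?x=1 HTTP/1.1" 302 0 "https://cms.example.com.evil.example/" "Mozilla/5.0"
"""


def referrer_is_same_site(referrer: str) -> bool:
    """True only when the Referer names our host exactly or one of its subdomains."""
    if referrer in ("", "-"):
        return False  # browsers may strip Referer; treat as unknown origin
    host = (urlparse(referrer).hostname or "").lower()
    return host == SITE_HOST or host.endswith("." + SITE_HOST)


def find_suspect_posts(log_text: str) -> list:
    """Return POSTs to the admin template endpoint whose Referer is not our site."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if urlparse(m["path"]).path != ADMIN_ENDPOINT:
            continue  # query string is ignored; only the script path matters
        if referrer_is_same_site(m["referrer"]):
            continue
        hits.append({"ip": m["ip"], "ts": m["ts"], "referrer": m["referrer"], "status": m["status"]})
    return hits


if __name__ == "__main__":
    for h in find_suspect_posts(SAMPLE_LOG):
        print(f'{h["ts"]} {h["ip"]} POST tpl.php referrer={h["referrer"]!r}')
```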
