CVE-2024-46085

8.8 HIGH

📋 TL;DR

FrogCMS V0.9.5 contains a Cross-Site Request Forgery (CSRF) vulnerability in the file manager rename functionality. This allows attackers to trick authenticated administrators into performing unauthorized file operations. All FrogCMS V0.9.5 installations with the file manager plugin enabled are affected.

💻 Affected Systems

Products:
  • FrogCMS
Versions: V0.9.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires file manager plugin to be enabled and an authenticated admin session.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could rename critical system files, upload malicious scripts, or delete important content, potentially leading to complete system compromise or data loss.

🟠

Likely Case

Attackers could rename or manipulate website files to deface the site, inject malicious code, or disrupt normal operations.

🟢

If Mitigated

With proper CSRF protections and user awareness, the risk is limited to authenticated sessions where users click malicious links.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires tricking an authenticated admin into visiting a malicious page while logged in.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None found

Restart Required: No

Instructions:

No official patch is available. Upgrade to a newer version if one exists, or implement CSRF protections manually.

🔧 Temporary Workarounds

Implement CSRF Tokens

Platform: all

Add CSRF token validation to the file manager rename endpoint.

Modify the /admin/?/plugin/file_manager/rename endpoint to require and validate CSRF tokens.

Disable File Manager Plugin

Platform: all

Temporarily disable the vulnerable file manager plugin.

Remove or rename the file_manager plugin directory.

🧯 If You Can't Patch

  • Implement strict SameSite cookie policies and require re-authentication for sensitive actions
  • Use web application firewalls (WAF) to detect and block CSRF attempts
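One way to implement the CSRF-token workaround above together with the SameSite cookie hardening from this list, as an added PHP example that is not FrogCMS or file_manager plugin code. It assumes the admin area already uses PHP sessions; the function names, session key and form field name are choices made here.

```php
<?php
// Added example, not FrogCMS code: CSRF protection for the file manager
// rename action. Assumes the admin area uses PHP sessions.

const CSRF_SESSION_KEY = 'fm_csrf_token';   // assumed key name

// Defence in depth (PHP >= 7.3): mark the session cookie SameSite and
// HttpOnly. Must run before session_start().
function harden_session_cookie(): void {
    session_set_cookie_params([
        'httponly' => true,
        'secure'   => true,
        'samesite' => 'Lax',
    ]);
}

// Issue one random token per session; called when rendering the rename form.
function csrf_token(): string {
    if (empty($_SESSION[CSRF_SESSION_KEY])) {
        $_SESSION[CSRF_SESSION_KEY] = bin2hex(random_bytes(32));
    }
    return $_SESSION[CSRF_SESSION_KEY];
}

// Hidden field to embed in the rename form's HTML.
function csrf_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Compare the submitted token with the session token in constant time.
function csrf_valid(array $post, array $session): bool {
    $expected  = $session[CSRF_SESSION_KEY] ?? '';
    $submitted = $post['csrf_token'] ?? '';
    if ($expected === '' || !is_string($submitted)) {
        return false;
    }
    return hash_equals($expected, $submitted);
}

// Guard for the top of the rename handler
// (/admin/?/plugin/file_manager/rename): reject GET requests and any POST
// without a matching token before any file operation runs.
function require_csrf_for_rename(): void {
    if ($_SERVER['REQUEST_METHOD'] !== 'POST' || !csrf_valid($_POST, $_SESSION)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }
}
```

Call harden_session_cookie() before session_start(), emit csrf_field() inside the rename form, and call require_csrf_for_rename() as the first statement of the rename handler.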

🔍 How to Verify

Check if Vulnerable:

Check whether the installation runs FrogCMS V0.9.5 with the file manager plugin enabled.

Check Version:

Check the FrogCMS version in the admin panel or in the configuration files.

Verify Fix Applied:

Test that CSRF tokens are required for file rename operations

📡 Detection & Monitoring

Log Indicators:

  • Multiple file rename requests from the same session without CSRF tokens
  • Unusual file rename patterns (unexpected names, paths or volume)

Network Indicators:

  • POST requests to /admin/?/plugin/file_manager/rename whose Referer or Origin header is missing or points to an external site

SIEM Query:

source="web_logs" AND uri="/admin/?/plugin/file_manager/rename" AND NOT csrf_token=*
