CVE-2024-46086

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in FrogCMS allows attackers to trick authenticated administrators into performing unauthorized file deletion actions. Attackers can craft malicious requests that delete files when administrators visit compromised pages. All FrogCMS administrators using the vulnerable version are affected.

💻 Affected Systems

Products:
  • FrogCMS
Versions: V0.9.5
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects installations with the file_manager plugin enabled and accessible to authenticated administrators.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete website defacement or data loss through deletion of critical system files, potentially causing service disruption and requiring full restoration from backups.

🟠 Likely Case

Selective deletion of website content files, images, or configuration files leading to broken functionality and content loss.

🟢 If Mitigated

No impact if proper CSRF protections are implemented or if administrators use separate accounts for browsing and administration.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the victim to be authenticated as an administrator and visit a malicious page while logged in.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: None available

Restart Required: No

Instructions:

No official patch available. Consider upgrading to a newer version if available or implementing CSRF protections manually.

🔧 Temporary Workarounds

Implement CSRF Tokens (applies to: all)

Add CSRF token validation to the file_manager delete endpoint.

How: Modify the /admin/?/plugin/file_manager/delete/ endpoint to require and validate CSRF tokens.

Disable File Manager Plugin (applies to: all)

Temporarily disable the vulnerable file_manager plugin.

How: Remove or rename the file_manager plugin directory.
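The first workaround above is the synchronizer-token pattern: the delete form carries a token bound to the administrator's session, and the handler refuses the request unless the token is present and matches. The block below is an added illustration written for this page, not FrogCMS code; it simulates the delete endpoint as a plain Python function so the check can be exercised without a web server. The server secret, session ids and file names are constructed values, and the request is modelled as a dictionary rather than a real HTTP request.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Set, Tuple

# Assumed server-side secret. A deployment loads this from configuration;
# it is generated here only so the example runs stand-alone.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Return a token bound to one session: nonce.HMAC(secret, session:nonce).

    The admin page embeds this in the delete form as a hidden field. A page on
    another origin cannot read it, so a cross-site form post cannot supply it.
    """
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def csrf_token_valid(session_id: str, token: Optional[str]) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def handle_delete(request: dict, files: Set[str]) -> Tuple[int, str]:
    """Simulated /admin/?/plugin/file_manager/delete/ handler (hypothetical shape).

    `request` has keys: method, session_id (from the session cookie), form (dict).
    `files` stands in for the directory the plugin manages.
    """
    if request.get("method") != "POST":
        return 405, "method not allowed"
    session_id = request.get("session_id")
    if not session_id:
        return 401, "not authenticated"
    form = request.get("form") or {}
    # The CSRF check runs before any state change and before the file lookup.
    if not csrf_token_valid(session_id, form.get("csrf_token")):
        return 403, "missing or invalid CSRF token"
    name = form.get("file")
    if name not in files:
        return 404, "no such file"
    files.discard(name)
    return 200, f"deleted {name}"


if __name__ == "__main__":
    store = {"index.php", "logo.png"}
    admin = "sess-admin-1"
    # Cross-site forgery: the browser attaches the session cookie but no token.
    print(handle_delete({"method": "POST", "session_id": admin,
                         "form": {"file": "index.php"}}, store))
    # Legitimate submission from the admin UI carries the session-bound token.
    print(handle_delete({"method": "POST", "session_id": admin,
                         "form": {"file": "logo.png", "csrf_token": issue_csrf_token(admin)}}, store))
    print(sorted(store))
```

The token is bound to the session id through the HMAC, so a token minted for one administrator's session is rejected when presented with another session's cookie, and the comparison uses `hmac.compare_digest` to avoid leaking the expected value through timing. Pairing this with the `SameSite` cookie setting listed under "If You Can't Patch" gives two independent controls.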

🧯 If You Can't Patch

  • Implement strict SameSite cookie policies and require re-authentication for sensitive actions
  • Use separate browser profiles or accounts for administrative tasks versus regular browsing

🔍 How to Verify

Check if Vulnerable:

Check if FrogCMS version is 0.9.5 and file_manager plugin is accessible at /admin/?/plugin/file_manager/

Check Version:

Check FrogCMS version in admin panel or configuration files

Verify Fix Applied:

Test that file deletion requests require CSRF tokens and fail without proper validation

📡 Detection & Monitoring

Log Indicators:

  • Multiple file deletion requests from the same admin session without corresponding page views
  • File deletion requests without a Referer header

Network Indicators:

  • POST requests to /admin/?/plugin/file_manager/delete/ without CSRF tokens
  • Cross-origin requests to the delete endpoint

SIEM Query:

source="web_logs" AND uri="/admin/?/plugin/file_manager/delete/" AND NOT referrer CONTAINS "admin"
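The log and network indicators above, together with the SIEM query, can be checked offline against web server access logs. The block below is an added example written for this page, not tooling from the FrogCMS project; it parses constructed Apache combined-format lines, flags delete requests whose Referer is missing or does not come from this site's admin UI, and counts deletes that occur with no intervening admin page view from the same client. It goes slightly beyond the SIEM query by checking the Referer host as well as the `admin` substring, so a referrer such as an admin path on a foreign host is still flagged. The hostname `cms.example`, the client addresses and every log line are constructed values.

```python
import re
from collections import defaultdict
from typing import Dict, List
from urllib.parse import urlsplit

SITE_HOST = "cms.example"  # assumed hostname of the FrogCMS installation
DELETE_PATH = "/admin/?/plugin/file_manager/delete/"

# Constructed sample traffic in Apache combined log format (not real data).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:01 +0000] "GET /admin/?/plugin/file_manager/ HTTP/1.1" 200 4211 "https://cms.example/admin/" "Mozilla/5.0"
10.0.0.5 - - [01/Jan/2024:10:00:09 +0000] "POST /admin/?/plugin/file_manager/delete/ HTTP/1.1" 302 0 "https://cms.example/admin/?/plugin/file_manager/" "Mozilla/5.0"
10.0.0.5 - - [01/Jan/2024:10:05:30 +0000] "POST /admin/?/plugin/file_manager/delete/ HTTP/1.1" 302 0 "https://evil.example/admin/post.html" "Mozilla/5.0"
10.0.0.5 - - [01/Jan/2024:10:05:31 +0000] "POST /admin/?/plugin/file_manager/delete/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
10.0.0.5 - - [01/Jan/2024:10:05:31 +0000] "POST /admin/?/plugin/file_manager/delete/ HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d+) \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line: str):
    """Return the named fields of one combined-format line, or None if it does not match."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def referrer_suspicious(ref: str) -> bool:
    """True when the Referer is absent or does not point at this site's admin UI."""
    if ref in ("", "-"):
        return True
    parts = urlsplit(ref)
    # Both conditions must hold for a benign referrer: our host and an admin path.
    return parts.hostname != SITE_HOST or not parts.path.startswith("/admin")


def analyze(log_text: str) -> List[Dict]:
    """Scan the log for delete requests matching the indicators; return one finding per flagged request."""
    findings: List[Dict] = []
    deletes_since_view = defaultdict(int)  # per client IP
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ip = rec["ip"]
        if not rec["uri"].startswith(DELETE_PATH):
            # A normal admin page load resets the counter for that client.
            if rec["method"] == "GET" and rec["uri"].startswith("/admin/"):
                deletes_since_view[ip] = 0
            continue
        reasons = []
        if referrer_suspicious(rec["ref"]):
            reasons.append("referrer missing or not the site's admin UI")
        deletes_since_view[ip] += 1
        if deletes_since_view[ip] > 1:
            reasons.append(f"{deletes_since_view[ip]} deletes since last admin page view")
        if reasons:
            findings.append({"ts": rec["ts"], "ip": ip, "ref": rec["ref"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f["ts"], f["ip"], repr(f["ref"]), "; ".join(f["reasons"]))
```

The first delete in the sample is preceded by a page view and carries a same-site admin referrer, so it produces no finding; the three that follow are flagged for the referrer and for the burst. Referer can legitimately be absent (privacy extensions, strict referrer policies), so treat the referrer indicator as a triage signal and the burst count as corroboration rather than either alone as proof.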
