CVE-2024-56116

8.8 HIGH

📋 TL;DR

A Cross-Site Request Forgery (CSRF) vulnerability in Amiro.CMS before version 7.8.4 lets an attacker who lures a logged-in administrator to a malicious page create a new administrator account through that administrator's browser session. The attacker needs no credentials of their own and ends up with full administrative control of the CMS instance.

💻 Affected Systems

Products:
  • Amiro.CMS
Versions: All versions before 7.8.4
Operating Systems: Any OS running Amiro.CMS
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable and no special configuration is required. The attack only succeeds, however, while an administrator is logged in and views attacker-controlled content in the same browser.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the CMS with attacker creating administrator accounts, leading to data theft, website defacement, or malware distribution.

🟠

Likely Case

Attackers create backdoor administrator accounts to maintain persistent access for future attacks.

🟢

If Mitigated

Limited impact: with anti-CSRF tokens on administrative forms, a SameSite session cookie and alerting on administrator creation, a forged request is either rejected or caught before the new account can be used.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No (the attacker holds no credentials, but needs a logged-in administrator's browser)
Complexity: LOW

The attacker never authenticates. Exploitation requires tricking an already logged-in administrator into visiting an attacker-controlled page that submits the account-creation request from the administrator's browser, carrying the administrator's session cookie. The GitHub reference linked below contains proof-of-concept code.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.8.4

Advisory Reference: https://github.com/ComplianceControl/CVE-2024-56116 (researcher's proof-of-concept repository, not a vendor advisory)

Restart Required: No

Instructions:

1. Back up the Amiro.CMS installation and its database.
2. Download version 7.8.4 from the official Amiro.CMS website.
3. Replace the installed files with the patched version.
4. Confirm the update by checking the version shown in the admin panel.

🔧 Temporary Workarounds

CSRF Token Implementation

Applies to: all affected versions

Add a per-session anti-CSRF token to every administrative form (account creation first) and reject any submission whose token is missing or does not match. This requires changing CMS code or templates, so treat it as an interim measure until 7.8.4 is installed.

Restrict Administrative Access

Applies to: all affected versions

Restrict the administrative panel to specific source IP addresses or networks at the web server or firewall. This does not stop CSRF by itself: the forged request comes from the administrator's own browser and IP address, so combine it with the cookie and origin measures in the next section.

🧯 If You Can't Patch

  • Set the session cookie with SameSite=Strict (or at least Lax), Secure and HttpOnly so browsers do not attach it to cross-site form posts, and have the reverse proxy reject POSTs to administrative paths whose Origin or Referer header names another host. Content Security Policy does not block a cross-site form aimed at your server and is not a CSRF mitigation, although frame-ancestors does stop clickjacking variants of the lure.
  • Monitor administrator-account creation and alert on every new administrator account, in particular one whose request carried a third-party or missing Referer/Origin header.
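The three measures above (a synchronizer token bound to the session, a SameSite=Strict session cookie, and an Origin/Referer check on state-changing requests) as an added Python example. This is not Amiro.CMS code and does not use its endpoints: the request dictionaries, the `csrf_token` form field, the `/admin/users/create` path, the `cms.example.com` host and the `attacker.example` lure host are all assumed placeholders. The unprotected handler is kept beside the hardened one so the forged cross-site POST can be run against both.

```python
"""Added example: CSRF defences for an administrative account-creation form.

Requests are modelled as plain dicts (method, path, headers, form, cookies)
so the logic runs without a web framework. Paths, field names and hosts are
assumed placeholders, not Amiro.CMS endpoints.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional
from urllib.parse import urlsplit

SITE_HOST = "cms.example.com"            # assumed hostname of the CMS
ATTACKER_HOST = "attacker.example"       # assumed hostname of the lure page
SERVER_SECRET = secrets.token_bytes(32)  # load from config in real use


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for the admin session. SameSite=Strict makes the
    browser withhold the cookie from any request a third-party page starts,
    which removes the precondition for CSRF; Secure/HttpOnly are hygiene."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Strict"


def csrf_token(session_id: str) -> str:
    """Per-session token: HMAC of the session id under a server secret, so it
    needs no server-side storage and cannot be replayed into another session."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def same_origin(req: dict) -> bool:
    """Origin/Referer check for state-changing requests. Browsers set Origin
    on cross-site POSTs; if both headers are absent we fail closed."""
    stated = req["headers"].get("Origin") or req["headers"].get("Referer")
    return bool(stated) and urlsplit(stated).hostname == SITE_HOST


def create_admin_unprotected(req: dict, users: Dict[str, str]) -> bool:
    """Vulnerable pattern: a valid session cookie is the only check, so a
    forged POST riding on the administrator's browser is accepted."""
    if req["method"] != "POST" or req["cookies"].get("session") is None:
        return False
    users[req["form"]["username"]] = "administrator"
    return True


def create_admin_protected(req: dict, users: Dict[str, str]) -> bool:
    """Hardened pattern: session, then constant-time token comparison, then
    origin check. Any failure rejects the request with no side effects."""
    sid = req["cookies"].get("session")
    if req["method"] != "POST" or sid is None:
        return False
    submitted = req["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted, csrf_token(sid)):
        return False
    if not same_origin(req):
        return False
    users[req["form"]["username"]] = "administrator"
    return True


def build_request(form: dict, headers: dict, session_id: Optional[str]) -> dict:
    """Constructed request. The session cookie is attached whenever the admin
    is logged in, which is what a browser does for a cookie without SameSite."""
    cookies = {} if session_id is None else {"session": session_id}
    return {"method": "POST", "path": "/admin/users/create",  # assumed path
            "headers": headers, "form": form, "cookies": cookies}


def demo() -> Dict[str, bool]:
    """Run a forged cross-site POST and a legitimate admin-panel POST against
    both handlers and report which ones created an account."""
    sid = secrets.token_hex(16)
    forged = build_request(
        {"username": "backdoor"},                        # lure page has no token
        {"Referer": f"https://{ATTACKER_HOST}/lure.html"},
        sid)
    legit = build_request(
        {"username": "newadmin", "csrf_token": csrf_token(sid)},
        {"Origin": f"https://{SITE_HOST}"},
        sid)
    outcome: Dict[str, bool] = {}
    users: Dict[str, str] = {}
    outcome["forged_unprotected"] = create_admin_unprotected(forged, users)
    users = {}
    outcome["forged_protected"] = create_admin_protected(forged, users)
    outcome["legit_protected"] = create_admin_protected(legit, users)
    outcome["backdoor_present"] = "backdoor" in users
    return outcome


if __name__ == "__main__":
    print(demo())
```

The token check and the origin check are deliberately both present: the origin check catches forms the CMS has not yet been retrofitted with a token, and the token catches requests from clients that strip Referer and Origin. The SameSite cookie works at the browser, so it is not exercised in the simulation above; it is the one measure that needs no CMS code change.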

🔍 How to Verify

Check if Vulnerable:

Check the Amiro.CMS version in the admin panel or by examining the CMS files. If version is below 7.8.4, the system is vulnerable.

Check Version:

Check the version in the admin panel under System Information or examine the CMS configuration files.

Verify Fix Applied:

After updating, confirm that the admin panel reports 7.8.4 or higher, then confirm that an administrative form submitted without its anti-CSRF token (or with a token from another session) is rejected rather than processed.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected administrator account creation events, especially ones not preceded by the creating administrator navigating the user-management pages
  • Administrator account creation whose request carries a Referer or Origin header from a third-party site, or none at all

Network Indicators:

  • HTTP POST requests to the administrator account-creation endpoint with a third-party or missing Referer/Origin header (the forged request comes from the administrator's own IP address, so the source address alone is not an indicator)

SIEM Query:

source="amiro.log" AND (event="admin_created" OR event="user_created") AND user_role="administrator"

Event and field names in this query are illustrative; map them onto the actual Amiro.CMS log format, and add a condition on the request's Referer/Origin where the log records it.
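The log indicators above as a small detection routine, added here as a Python example rather than Amiro.CMS tooling or an existing SIEM rule. The key=value log layout, the field names (`event`, `role`, `origin`, `new_user`, `by`, `src`) and the sample lines are constructed for the illustration and must be mapped onto the real Amiro.CMS log format before use; `cms.example.com` is an assumed hostname. The rule flags every administrator-role account creation whose recorded Origin/Referer is missing or names a host other than the CMS, which is what a CSRF-driven creation looks like.

```python
"""Added example: flag administrator-account creations that look CSRF-driven.

Log format, field names and the sample lines are constructed; the real
Amiro.CMS log layout must be mapped onto parse_line().
"""
import re
from typing import Dict, List
from urllib.parse import urlsplit

SITE_HOST = "cms.example.com"   # assumed hostname of the CMS

# Constructed sample: one login, one editor created from the admin UI, two
# administrator creations (foreign Referer, then no Referer at all) and one
# legitimate administrator creation from the admin UI.
SAMPLE_LOG = """\
2024-12-15T10:01:02Z event=login user=alice src=203.0.113.5
2024-12-15T10:05:40Z event=user_created by=alice new_user=bob role=editor origin=https://cms.example.com/admin/users src=203.0.113.5
2024-12-15T10:07:12Z event=user_created by=alice new_user=svc_backup role=administrator origin=https://attacker.example/lure.html src=203.0.113.5
2024-12-15T10:09:00Z event=user_created by=alice new_user=helper role=administrator origin=- src=203.0.113.5
2024-12-15T10:12:30Z event=admin_created by=alice new_user=carol role=administrator origin=https://cms.example.com/admin/users src=203.0.113.5
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kv>.+)$")
CREATION_EVENTS = {"user_created", "admin_created"}


def parse_line(line: str) -> Dict[str, str]:
    """Split 'timestamp key=value key=value ...' into a dict."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError(f"unparsable log line: {line!r}")
    fields = dict(tok.split("=", 1) for tok in m["kv"].split())
    fields["ts"] = m["ts"]
    return fields


def is_suspicious(ev: Dict[str, str]) -> bool:
    """Administrator created by a request not attributable to the admin UI."""
    if ev.get("event") not in CREATION_EVENTS or ev.get("role") != "administrator":
        return False
    origin = ev.get("origin", "-")
    if origin == "-":
        return True                       # no Origin/Referer: cannot vouch for it
    return urlsplit(origin).hostname != SITE_HOST


def find_suspicious(log_text: str) -> List[Dict[str, str]]:
    """Return the parsed events that should raise an alert."""
    events = (parse_line(ln) for ln in log_text.splitlines() if ln.strip())
    return [ev for ev in events if is_suspicious(ev)]


def alert_lines(log_text: str) -> List[str]:
    """One human-readable alert per suspicious event."""
    return [f"{ev['ts']} admin account '{ev['new_user']}' created by {ev['by']} "
            f"from origin {ev.get('origin', '-')} (src {ev['src']})"
            for ev in find_suspicious(log_text)]


if __name__ == "__main__":
    for alert in alert_lines(SAMPLE_LOG):
        print(alert)
```

Note the source IP is reported but not used as a condition: in a CSRF the request arrives from the administrator's own address. If the site sends a strict Referrer-Policy, the "missing origin" branch will fire on legitimate creations too, in which case log the Origin header (which browsers still send on cross-site POSTs) instead of Referer.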

🔗 References

  • https://github.com/ComplianceControl/CVE-2024-56116