2 matches found
PT-2024-28813 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35
Description: A Cross-Site Request Forgery (CSRF) issue was discovered in idccms. The vulnerability can be exploited via the "/admin/serverFile_deal.php" endpoint, specifically when the mudi parameter is set to "upFileDel" an...
CVE-2024-40334
idccms v1.35 contains a Cross-Site Request Forgery (CSRF) vulnerability affecting the endpoint /admin/serverFile_deal.php?mudi=upFileDel&dataID=3. The issue stems from CSRF in the admin file-deletion flow, with CVSS 3.1 base metrics indicating HIGH impact on confidentiality, integrity, and availa...