Lucene search
K
Idccms ProjectIdccms

6 matches found

CVE
CVE
added 2024/06/05 6:56 p.m.75 views

CVE-2024-36669

CVE-2024-36669 affects idccms v1.35, with a CSRF vulnerability in the admin/type_deal.php?mudi=add component. The root cause is an improper CSRF defense that allows unauthorized state-changing requests to be forged via that endpoint. The vulnerability impacts the application’s ability to perform ...

8.8CVSS7.4AI score0.00234EPSS
Web
CVE
CVE
added 2024/06/05 7:1 p.m.72 views

CVE-2024-36667

CVE-2024-36667 affects idccms v1.35 and is a Cross-Site Request Forgery (CSRF) vulnerability in the admin endpoint /admin/idcProType_deal.php?mudi=add&nohrefStr=close. The issue enables unauthorized actions to be performed in the context of a logged-in user (impacting confidentiality, integrity a...

8.8CVSS7.4AI score0.00241EPSS
Web
CVE
CVE
added 2024/06/05 7:0 p.m.71 views

CVE-2024-36668

CVE-2024-36668 affects idccms v1.35, with a Cross-Site Request Forgery (CSRF) in the admin/type_deal.php?mudi=del component. The root cause is a CSRF in the admin endpoint, enabling unauthorized actions to be performed without user consent. The Red Hat/PT Security entry confirms a CSRF in the sam...

8.8CVSS7.4AI score0.0023EPSS
Web
CVE
CVE
added 2024/07/09 12:0 a.m.53 views

CVE-2024-40039

idccms v1.35 is affected by a CSRF vulnerability in the /admin/userGroup_deal.php?mudi=del endpoint, enabling unauthorized actions. The CVE has a high severity (CVE/NVD 8.8) with network attack vector, low complexity and user interaction required. No exploit details are provided in the documents....

8.8CVSS7.2AI score0.00295EPSS
Web
CVE
CVE
added 2024/07/09 12:0 a.m.51 views

CVE-2024-40037

CVE-2024-40037 affects idccms v1.35, with a CSRF flaw in the admin action endpoint. The vulnerability is exposed via /admin/userScore_deal.php?mudi=del, allowing unauthorized state-changing requests without the user’s intent. The consolidated sources indicate a CSRF risk with a base CVSS v3.1 sco...

8.8CVSS7.2AI score0.00295EPSS
Web
CVE
CVE
added 2024/07/09 12:0 a.m.50 views

CVE-2024-40034

CVE-2024-40034 : A Cross-Site Request Forgery (CSRF) vulnerability affects idccms v1.35, exploitable via the /admin/userLevel_deal.php?mudi=del endpoint. The issue enables unauthorized actions without authentication or with user interaction. CVSS v3.1 base metrics indicate high impact to confiden...

8.8CVSS7.2AI score0.00295EPSS
Web