6 matches found
CVE-2024-36669
CVE-2024-36669 affects idccms v1.35, with a CSRF vulnerability in the admin/type_deal.php?mudi=add component. The root cause is an improper CSRF defense that allows unauthorized state-changing requests to be forged via that endpoint. The vulnerability impacts the application’s ability to perform ...
CVE-2024-36667
CVE-2024-36667 affects idccms v1.35 and is a Cross-Site Request Forgery (CSRF) vulnerability in the admin endpoint /admin/idcProType_deal.php?mudi=add&nohrefStr=close. The issue enables unauthorized actions to be performed in the context of a logged-in user (impacting confidentiality, integrity a...
CVE-2024-36668
CVE-2024-36668 affects idccms v1.35, with a Cross-Site Request Forgery (CSRF) in the admin/type_deal.php?mudi=del component. The root cause is a CSRF in the admin endpoint, enabling unauthorized actions to be performed without user consent. The Red Hat/PT Security entry confirms a CSRF in the sam...
CVE-2024-40039
idccms v1.35 is affected by a CSRF vulnerability in the /admin/userGroup_deal.php?mudi=del endpoint, enabling unauthorized actions. The CVE has a high severity (CVE/NVD 8.8) with network attack vector, low complexity and user interaction required. No exploit details are provided in the documents....
CVE-2024-40037
CVE-2024-40037 affects idccms v1.35, with a CSRF flaw in the admin action endpoint. The vulnerability is exposed via /admin/userScore_deal.php?mudi=del, allowing unauthorized state-changing requests without the user’s intent. The consolidated sources indicate a CSRF risk with a base CVSS v3.1 sco...
CVE-2024-40034
CVE-2024-40034 : A Cross-Site Request Forgery (CSRF) vulnerability affects idccms v1.35, exploitable via the /admin/userLevel_deal.php?mudi=del endpoint. The issue enables unauthorized actions without authentication or with user interaction. CVSS v3.1 base metrics indicate high impact to confiden...