53 matches found
CVE-2024-35554
idccms v1.35 is affected by a Cross-Site Request Forgery (CSRF) in the admin component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN. The underlying issue involves CSRF in the /admin/infoWeb_deal.php path with parameters mudi, dataType, and dataTypeCN that enables unauthorized acti...
CVE-2024-35560
CVE-2024-35560 affects idccms v1.35 and is a CSRF flaw in the /admin/ca_deal.php endpoint with parameters mudi=del, dataType, and dataTypeCN. The CVE documents report the vulnerability but do not provide exploit details beyond the CSRF condition; CVSSv3.1 base score is 4.3 (MEDIUM) with UI:Requir...
CVE-2024-35009
CVE-2024-35009 affects idccms v1.35 with a Cross-Site Request Forgery (CSRF) risk in the /admin/share_switch.php endpoint, where parameters like mudi, dataType, fieldName, fieldName2, tabName, and dataID are used. The issue is documented to involve CSRF in the share_switch.php component, indicati...
CVE-2024-35039
CVE-2024-35039 affects idccms version 1.35. The vulnerability is a Cross-Site Request Forgery (CSRF) that can be triggered via the endpoint admin/tplSys_deal.php?mudi=area. The available sources consistently describe a CSRF risk without detailing an exploitation method beyond the vulnerable endpo...
CVE-2024-36670
CVE-2024-36670 impacts idccms v1.35 with a CSRF in the admin/vpsClass_deal.php?mudi=del component. Root cause: CSRF allows unauthorized actions to be triggered by a user, with CVSSv3.1 base score 8.8 (HIGH) and an attacker requiring user interaction. Affected software is explicitly idccms v1.35; ...
CVE-2022-27333
The CVE-2022-27333 issue affects idcCMS v1.10, where an attacker can arbitrarily delete the install.lock file, causing a reset of CMS settings and data. The vulnerability is described consistently across multiple sources as a deletion of install.lock, with no publicly detailed exploit chain beyon...
CVE-2024-34957
CVE-2024-34957 affects idccms v1.35. The vulnerability is a CSRF in the component admin/sysImages_deal.php?mudi=infoSet that could allow unauthorized actions on behalf of an authenticated user. Exploitation details are not provided beyond that CSRF context; no patch version is listed in the provi...
CVE-2024-35011
CVE-2024-35011: idccms v1.35 contains a CSRF vulnerability in the admin endpoint /admin/infoType_deal.php?mudi=rev&nohrefStr=close. CVSSv3.1: AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N; base score 5.4 (MEDIUM). Exploitation context is not detailed in the documents; one source notes access restrictions a...
CVE-2024-35553
CVE-2024-35553 affects idccms v1.35. A Cross-Site Request Forgery vulnerability exists in the admin/infoMove_deal.php endpoint (parameters mudi=add and nohrefStr=close). The issue is documented across multiple sources (including Red Hat/NVD/CVE lists and PT-Security) with no public exploit detail...
CVE-2024-35551
CVE-2024-35551 affects idccms v1.35 and is a Cross-Site Request Forgery (CSRF) vulnerability in the endpoint /admin/infoWeb_deal.php?mudi=add. Red Hat and NVD entries corroborate the issue; PT-Security adds a practical workaround: restrict access to that endpoint and avoid using the mudi paramete...
CVE-2024-35552
Concretely, CVE-2024-35552 affects idccms v1.35 with a CSRF in the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN. The PT-2024-26538 entry confirms the CSRF flaw in the idccms admin path, enabling unauthorized actions. Remediation guidance from the connected PT entry recomme...
CVE-2024-35556
CVE-2024-35556 affects idccms v1.35. The vulnerability is a Cross-Site Request Forgery (CSRF) in the component /admin/vpsSys_deal.php?mudi=infoSet. This is the underlying cause: unauthorized requests may be performed via the mudi parameter. CVSS v3.1 base score 8.8 (High) with network attack vect...
CVE-2024-35550
CVE-2024-35550 affects idccms v1.35. The vulnerability is a Cross-Site Request Forgery (CSRF) in the component /admin/infoWeb_deal.php?mudi=rev, enabling unauthorized actions by an authenticated user. CVSS v3.1 base score 6.3 (Network, Low to Medium impact; UI required). No exploit details or pro...
CVE-2024-35561
CVE-2024-35561: idccms v1.35 is affected by a Cross-Site Request Forgery (CSRF) via /admin/ca_deal.php?mudi=add&nohrefStr=close. Reported CVSSv3.1: 5.4 (LOW confidentiality, LOW integrity, NONE availability; AV:N/AC:L/PR:L/UI:R/S:C). Root cause is CSRF in that component; exploitation details are ...
CVE-2024-11587
CVE-2024-11587 affects idcCMS 1.60, specifically the GetCityOptionJs function in /inc/classProvCity.php, where manipulating the idName parameter triggers cross-site scripting. Exploitation can be remote; multiple sources flag XSS, with some templates noting a reflected XSS via idName (read.php). ...
CVE-2024-35010
CVE-2024-35010 in idccms v1.35 is associated with a CSRF in the admin/banner_deal.php (and related banner deal.php) component. The issue involves parameters such as mudi, dataType, dataTypeCN, theme, and dataID to perform unauthorized actions. The PT-Security entry confirms a CSRF in the /admin/b...
CVE-2024-39156
CVE-2024-39156 affects idccms v1.35, with a Cross-Site Request Forgery (CSRF) vulnerability in the /admin/keyWord_deal.php?mudi=add component. The CVSS 3.1 base score is 3.8 (LOW), with user interaction not required and high privileges required for exploitation hints (per the provided metrics). C...
CVE-2024-39021
CVE-2024-39021 affects idccms v1.35, with a Cross-Site Request Forgery (CSRF) vulnerability in the component /admin/vpsApiData_deal.php?mudi=del. The available documents attribute the issue to that specific endpoint/action, but do not provide a patch version, workaround, exploit details, or mitig...
CVE-2024-39157
CVE-2024-39157 affects idccms v1.35 via a CSRF in the endpoint /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1. The CVSS 3.1 vector (AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N) yields a base score of 3.8 (LOW). Documented sources (NVD, Red Hat, CNNVD, CVE lists, PT-2024-28369) confirm the CSRF issu...
CVE-2024-34958
CVE-2024-34958 affects idccms v1.35, where a CSRF exists in the admin/banner_deal.php?mudi=add component. The vulnerability arises from a Cross-Site Request Forgery path that could enable unauthorized actions as described in sources linked to idccms CSRF. The CVSS base metrics in the initial reco...
CVE-2024-39153
CVE-2024-39153 affects idccms v1.35 with a CSRF flaw in the admin component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN. The Root Cause is CSRF in that endpoint allowing unauthorized actions; impact is labeled low to moderate per CVSS 3.1 (base 4.7, MEDIUM) with low confidentiality/int...
CVE-2024-35557
CVE-2024-35557 affects idccms v1.35, with a CSRF vulnerability in the admin endpoint /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close. The root cause is a cross-site request forgery in the component handling the vpsApi_deal action, potentially enabling unauthorized actions on behalf of an authenti...
CVE-2024-39020
idccms v1.35 is affected by a CSRF vulnerability exploitable through /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=close. The issue, described across multiple sources, involves unauthorized actions via a crafted request. The connected PT-PTSecurity advisory notes a temporary workaround to disable...
CVE-2024-33830
CVE-2024-33830 affects idccms v1.35, where a Cross-Site Request Forgery (CSRF) is possible through the /admin/readDeal.php?mudi=clearWebCache component. The root cause is CSRF in the readDeal.php path, enabling unauthorized actions on behalf of an authenticated user. Impact is described as HIGH (...
CVE-2024-33829
CVE-2024-33829 affects idccms v1.35, with a Cross-Site Request Forgery (CSRF) in the component accessible at /admin/readDeal.php?mudi=updateWebCache. The vulnerability is described across multiple sources as CSRF via that parameter; the NVD/CVE entry lists a CVSS v3.1 base score of 5.4 (Medium) w...
CVE-2024-35555
CVE-2024-35555 concerns idccms v1.35 with a Cross-Site Request Forgery (CSRF) in the endpoint "/admin/share_switch.php" (parameters include mudi, dataType, fieldName, fieldName2, tabName, dataID). The vulnerability could enable unauthorized actions on behalf of an authenticated user. Exploitation...
CVE-2024-36547
CVE-2024-36547 affects idccms V1.35 with a Cross-Site Request Forgery (CSRF) in the admin/vpsClass_deal.php?mudi=add component. The CVSS baseline from NVD (ATT&CK not stated) indicates high impact on confidentiality, integrity, and availability with network attack vector and user interaction requ...
CVE-2024-40328
CVE-2024-40328 affects idccms v1.35 and is a Cross-Site Request Forgery (CSRF) vulnerability exposed via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6. Public sources (NVD, Red Hat, CNNVD, CVE list, etc.) describe the issue and confirm the affected product, with CVSSv3.1 base score 6.3...
CVE-2024-35559
idccms v1.35 contains a Cross-Site Request Forgery (CSRF) vulnerability in the admin/infoMove_deal.php endpoint (parameters mudi and nohrefStr=close). CVSS v3.1 base score 8.8 (HIGH): Network attack vector, no privileges required, user interaction required, and with high confidentiality, integrit...
CVE-2024-39155
idccms v1.35 contains a Cross-Site Request Forgery (CSRF) in the component /admin/ipRecord_deal.php?mudi=add. The CVE entry notes CVSS v3.1 base score 6.8 (Medium) with Confidentiality Impact: High, User Interaction: Required. Connected sources validate a CSRF flaw rather than an authentication b...
CVE-2024-40333
idccms v1.35 contains a Cross-Site Request Forgery (CSRF) vulnerability accessible through /admin/softBak_deal.php?mudi=del&dataID=2. The CVE entry notes a high-severity issue (CVSS v3.1: 8.8) with network attack vector, low complexity, no privileges required, and user interaction needed, leading...
CVE-2024-35558
CVE-2024-35558: idccms v1.35 is reported to contain a Cross-Site Request Forgery (CSRF) in the admin action at /admin/ca_deal.php?mudi=rev&nohrefStr=close. The vulnerability enables unauthorized state-changing requests from an attacker-trusted user session, consistent with a HIGH-severity CVSS 3....
CVE-2024-36548
CVE-2024-36548 affects idccms v1.35, with a CSRF vulnerability reachable at admin/vpsCompany_deal.php?mudi=del. The issue is documented across multiple feeds (NVD/Red Hat/CVE pages and PT-2024-27066) and is not accompanied by public exploit details in the provided documents. PT-2024-27066 suggest...
CVE-2024-40035
idccms v1.35 is affected by a Cross-Site Request Forgery (CSRF) vulnerability in the endpoint /admin/userLevel_deal.php?mudi=add. The Root Cause is a CSRF flaw enabling unauthorized requests to the admin action. Impact is described as CSRF exposure; no exploitation details are provided in the doc...
CVE-2024-40331
idccms v1.35 is affected by a Cross-Site Request Forgery (CSRF) in the admin function via /admin/dbBakMySQL_deal.php?mudi=backup. CVSS 3.1 base score 8.8 (High): Network, LOW attack complexity, NONE privileges, user interaction required; impact to confidentiality, integrity, and availability is H...
CVE-2024-4172
CVE-2024-4172 affects idcCMS 1.35. The vulnerability involves an unknown functionality at /admin/admin_cl.php?mudi=revPwd that enables cross-site request forgery. The issue can be exploited remotely and the exploit has been disclosed publicly (VDB-261991). Multiple connected records corroborate t...
CVE-2024-35012
CVE-2024-35012 affects idccms v1.35, with a CSRF vulnerability in the /admin/infoType_deal.php?mudi=add&nohrefStr=close endpoint. Root cause is CSRF in the admin interface component; CVSS v3.1 base score 6.3 (MEDIUM) with low impact across confidentiality, integrity, and availability. Connected s...
CVE-2024-36549
CVE-2024-36549 affects idccms v1.35 with a Cross-Site Request Forgery (CSRF) vulnerability in the /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close endpoint. The connected PT-2024-27067 entry specifies the vulnerable software version (idccms 1.35) and identifies the CSRF issue related to the /a...
CVE-2024-39019
CVE-2024-39019 affects idccms v1.35, exposing a Cross-Site Request Forgery (CSRF) via the endpoint /admin/idcProData_deal.php?mudi=del . The Red Hat/CNNVD/CVE sources corroborate CSRF in idccms 1.35 and highlight the vulnerable parameter combination (mudi=del) that enables unauthorized actions. N...
CVE-2024-40334
idccms v1.35 contains a Cross-Site Request Forgery (CSRF) vulnerability affecting the endpoint /admin/serverFile_deal.php?mudi=upFileDel&dataID=3. The issue stems from CSRF in the admin file-deletion flow, with CVSS 3.1 base metrics indicating HIGH impact on confidentiality, integrity, and availa...
CVE-2024-39154
CVE-2024-39154 affects idccms v1.35 and is a Cross-Site Request Forgery (CSRF) via the endpoint /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN. The NVD entry notes a CVSSv3.1 base score of 8.8 (HIGH): Network attack vector, low attack complexity, no privileges required, but user intera...
CVE-2024-40036
CVE-2024-40036 affects idccms v1.35, with a Cross-Site Request Forgery (CSRF) vulnerability exploitable via /admin/userGroup_deal.php?mudi=add&nohrefStr=close. The CVSS v3.1 base score is 8.8 (HIGH): attack vector NETWORK, attack complexity LOW, privileges required NONE, user interaction REQUIRED...
CVE-2024-39022
CVE-2024-39022 affects idccms v1.35. It is a CSRF vulnerability exploitable via /admin/infoSys_deal.php?mudi=deal, with CVSS v3.1 metrics indicating HIGH impact (C/H, I/H, A/H), network vector, low attack complexity, no privileges required, user interaction required. Connected sources corroborate...
CVE-2024-39023
CVE-2024-39023 affects idccms v1.35, with a Cross-Site Request Forgery (CSRF) vulnerability in admin/info_deal.php?mudi=add&nohrefStr=close. The CVSS v3.1 report assigns high impact (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) and a base score of 8.8. Public references identify the affected component as...
CVE-2024-39119
CVE-2024-39119 affects idccms v1.35, where a Cross‑Site Request Forgery (CSRF) is possible via admin/info_deal.php?mudi=rev&nohrefStr=close. The root cause is that requests from trusted users are not adequately verified, enabling an attacker to trick a victim into performing a sensitive operation...
CVE-2024-36550
CVE-2024-36550 affects idccms V1.35 and describes a Cross-Site Request Forgery (CSRF) vulnerability accessible via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close. The NVD entry lists CVSSv3.1 scores of 8.8 (HIGH) for the NVD view with network attack vector, user interaction required, and hig...
CVE-2024-40038
CVE-2024-40038 affects idccms v1.35. A CSRF vulnerability exists via the endpoint "/admin/userScore_deal.php?mudi=rev". The CVSS 3.1 base score is 5.3 (Medium) with local attack vector, low impact on confidentiality, integrity, and availability, and user interaction required. Impact and root caus...
CVE-2024-40336
CVE-2024-40336 affects idccms v1.35 and is a Cross Site Scripting (XSS) vulnerability in the Image Advertising Management component. The available documents identify the affected product (idccms v1.35) and the vulnerable feature (Image Advertising Management) but do not provide details on root ca...
CVE-2024-40329
CVE-2024-40329 affects idccms v1.35, with a Cross-Site Request Forgery (CSRF) vulnerability exploitable via /admin/softBak_deal.php?mudi=backup. The vulnerability is confirmed across multiple sources (NVD, Red Hat, CNVD, CVE listing) with CVSS v3.1 base metrics: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:...
CVE-2024-39158
CVE-2024-39158 affects idccms v1.35 with a Cross-Site Request Forgery (CSRF) in the endpoint "/admin/userSys_deal.php?mudi=infoSet". The CVSSv3.1 base score is 8.8 (HIGH) with network attack vector, low access complexity, requiring user interaction, and impacts to confidentiality, integrity, and ...