Vulnerabilites related to idccms - idccms
Vulnerability from fkie_nvd
Published
2024-07-10 13:15
Modified
2025-04-15 17:01
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Tank992/cms/blob/main/67/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Tank992/cms/blob/main/67/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía una vulnerabilidad de Cross-Site Request Forgery (CSRF) a través de /admin/softBak_deal.php?mudi=backup", }, ], id: "CVE-2024-40329", lastModified: "2025-04-15T17:01:06.943", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-10T13:15:10.593", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Tank992/cms/blob/main/67/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Tank992/cms/blob/main/67/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-04 15:15
Modified
2024-11-21 09:22
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/da271133/cms/blob/main/29/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/da271133/cms/blob/main/29/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close", }, { lang: "es", value: "Se descubrió que idccms V1.35 contenía Cross-Site Request Forgery (CSRF) a través de /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close", }, ], id: "CVE-2024-36550", lastModified: "2024-11-21T09:22:24.137", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-04T15:15:47.497", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/da271133/cms/blob/main/29/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/da271133/cms/blob/main/29/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-10 13:15
Modified
2025-04-15 17:01
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Tank992/cms/blob/main/70/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Tank992/cms/blob/main/70/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6", }, { lang: "es", value: "Se descubrió que idccms v1.35 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a través de /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6", }, ], id: "CVE-2024-40328", lastModified: "2025-04-15T17:01:14.213", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-10T13:15:10.497", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Tank992/cms/blob/main/70/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Tank992/cms/blob/main/70/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 16:17
Modified
2025-04-15 16:57
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Thirtypenny77/cms/blob/main/5.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Thirtypenny77/cms/blob/main/5.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.", }, ], id: "CVE-2024-35009", lastModified: "2025-04-15T16:57:46.033", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-14T16:17:30.767", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms/blob/main/5.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms/blob/main/5.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-22 14:15
Modified
2025-04-09 18:19
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bearman113/1.md/blob/main/25/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bearman113/1.md/blob/main/25/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN.", }, ], id: "CVE-2024-35560", lastModified: "2025-04-09T18:19:15.387", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-22T14:15:09.833", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/25/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/25/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-04 15:15
Modified
2024-11-21 09:22
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del", }, { lang: "es", value: "Se descubrió que idccms V1.35 contenía Cross-Site Request Forgery (CSRF) a través de admin/vpsCompany_deal.php?mudi=del", }, ], id: "CVE-2024-36548", lastModified: "2024-11-21T09:22:23.687", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-04T15:15:47.307", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://github.com/da271133/cms/blob/main/31/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/da271133/cms/blob/main/31/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-27 14:15
Modified
2025-04-15 17:01
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Thirtypenny77/cms2/blob/main/56/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Thirtypenny77/cms2/blob/main/56/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/ipRecord_deal.php?mudi=add.", }, ], id: "CVE-2024-39155", lastModified: "2025-04-15T17:01:54.847", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 4.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-27T14:15:15.913", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/56/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/56/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 16:17
Modified
2025-04-15 17:03
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Thirtypenny77/cms/blob/main/7.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Thirtypenny77/cms/blob/main/7.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/infoType_deal.php?mudi=add&nohrefStr=close.", }, ], id: "CVE-2024-35012", lastModified: "2025-04-15T17:03:16.610", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-14T16:17:31.100", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms/blob/main/7.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms/blob/main/7.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 13:15
Modified
2025-04-15 16:57
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/readDeal.php?mudi=clearWebCache.", }, ], id: "CVE-2024-33830", lastModified: "2025-04-15T16:57:27.263", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.2, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-06T13:15:49.787", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://github.com/xyaly163/cms/blob/main/2.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/xyaly163/cms/blob/main/2.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 16:17
Modified
2025-04-15 16:57
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Thirtypenny77/cms/blob/main/6.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Thirtypenny77/cms/blob/main/6.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9% BF%E5%91%8A&theme=cs&dataID=6.", }, ], id: "CVE-2024-35010", lastModified: "2025-04-15T16:57:53.403", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-14T16:17:30.877", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms/blob/main/6.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms/blob/main/6.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-15 02:15
Modified
2025-04-15 17:02
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/FirstLIF/cms/blob/main/2.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FirstLIF/cms/blob/main/2.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /homePro_deal.php?mudi=add&nohrefStr=close.", }, ], id: "CVE-2024-35109", lastModified: "2025-04-15T17:02:45.973", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 3.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-15T02:15:08.840", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/FirstLIF/cms/blob/main/2.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/FirstLIF/cms/blob/main/2.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-16 15:15
Modified
2025-04-15 17:03
Severity ?
Summary
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/ywf7678/cms/blob/main/1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/ywf7678/cms/blob/main/1.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.", }, { lang: "es", value: "Se descubrió que idccms V1.35 contenía Cross-Site Request Forgery (CSRF) a través de admin/tplSys_deal.php?mudi=area.", }, ], id: "CVE-2024-35039", lastModified: "2025-04-15T17:03:07.023", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.8, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 2.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-16T15:15:48.137", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/ywf7678/cms/blob/main/1.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/ywf7678/cms/blob/main/1.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-10 14:15
Modified
2025-04-15 17:01
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Tank992/cms/blob/main/66/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Tank992/cms/blob/main/66/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup", }, { lang: "es", value: "Se descubrió que idccms v1.35 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a través de /admin/dbBakMySQL_deal.php?mudi=backup", }, ], id: "CVE-2024-40331", lastModified: "2025-04-15T17:01:00.900", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-10T14:15:12.457", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Tank992/cms/blob/main/66/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Tank992/cms/blob/main/66/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-02 13:15
Modified
2025-04-15 17:02
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/2477231995/cms/blob/main/1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/2477231995/cms/blob/main/1.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través de admin/info_deal.php?mudi=rev&nohrefStr=close.", }, ], id: "CVE-2024-39119", lastModified: "2025-04-15T17:02:14.323", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-02T13:15:10.850", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/2477231995/cms/blob/main/1.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/2477231995/cms/blob/main/1.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-10 14:15
Modified
2025-04-15 17:00
Severity ?
Summary
idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.'
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Tank992/cms/blob/main/73/readme.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Tank992/cms/blob/main/73/readme.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.'", }, { lang: "es", value: "idccms v1.35 es vulnerable a Cross Site Scripting (XSS) dentro de la 'Image Advertising Management'.", }, ], id: "CVE-2024-40336", lastModified: "2025-04-15T17:00:47.123", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-10T14:15:12.620", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Tank992/cms/blob/main/73/readme.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Tank992/cms/blob/main/73/readme.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-09 19:15
Modified
2025-04-15 17:01
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pangchunyuhack/cms/blob/main/61/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pangchunyuhack/cms/blob/main/61/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close", }, { lang: "es", value: "Se descubrió que idccms v1.35 contiene una vulnerabilidad de Cross Site Request Forgery (CSRF) a través de /admin/userGroup_deal.php?mudi=add&nohrefStr=close", }, ], id: "CVE-2024-40036", lastModified: "2025-04-15T17:01:28.750", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-09T19:15:13.527", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/pangchunyuhack/cms/blob/main/61/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/pangchunyuhack/cms/blob/main/61/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-22 14:15
Modified
2025-04-09 18:20
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bearman113/1.md/blob/main/20/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bearman113/1.md/blob/main/20/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN.", }, ], id: "CVE-2024-35552", lastModified: "2025-04-09T18:20:58.440", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-22T14:15:09.133", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/20/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/20/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-22 14:15
Modified
2025-04-09 18:20
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bearman113/1.md/blob/main/18/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bearman113/1.md/blob/main/18/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/share_switch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40.", }, ], id: "CVE-2024-35555", lastModified: "2025-04-09T18:20:21.197", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-22T14:15:09.390", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/18/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/18/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-27 14:15
Modified
2025-04-15 17:01
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Thirtypenny77/cms2/blob/main/58/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Thirtypenny77/cms2/blob/main/58/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/userSys_deal.php?mudi=infoSet.", }, ], id: "CVE-2024-39158", lastModified: "2025-04-15T17:01:39.337", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-27T14:15:16.210", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/58/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/58/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-16 15:15
Modified
2025-04-15 17:03
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Gr-1m/cms/blob/main/1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Gr-1m/cms/blob/main/1.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente admin/sysImages_deal.php?mudi=infoSet.", }, ], id: "CVE-2024-34957", lastModified: "2025-04-15T17:03:38.063", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-16T15:15:47.970", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Gr-1m/cms/blob/main/1.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Gr-1m/cms/blob/main/1.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-10 13:15
Modified
2024-11-21 09:31
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3
References
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3", }, { lang: "es", value: "Se descubrió que idccms v1.35 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a través de /admin/serverFile_deal.php?mudi=upFileDel&dataID=3", }, ], id: "CVE-2024-40334", lastModified: "2024-11-21T09:31:01.253", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-10T13:15:10.760", references: [ { source: "cve@mitre.org", tags: [ "Exploit", ], url: "https://github.com/Tank992/cms/blob/main/69/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", ], url: "https://github.com/Tank992/cms/blob/main/69/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-04 15:15
Modified
2024-11-21 09:22
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/da271133/cms/blob/main/32/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/da271133/cms/blob/main/32/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add", }, { lang: "es", value: "Se descubrió que idccms V1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente admin/vpsClass_deal.php?mudi=add", }, ], id: "CVE-2024-36547", lastModified: "2024-11-21T09:22:23.450", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-04T15:15:47.210", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/da271133/cms/blob/main/32/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/da271133/cms/blob/main/32/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-05 19:15
Modified
2025-04-15 17:02
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/sigubbs/cms/blob/main/33/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/sigubbs/cms/blob/main/33/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente admin/vpsClass_deal.php?mudi=del", }, ], id: "CVE-2024-36670", lastModified: "2025-04-15T17:02:41.540", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-05T19:15:15.950", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/sigubbs/cms/blob/main/33/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/sigubbs/cms/blob/main/33/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-05 19:15
Modified
2025-04-15 17:02
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiData_deal.php?mudi=del
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/da271133/cms2/blob/main/45/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/da271133/cms2/blob/main/45/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiData_deal.php?mudi=del", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía una falsificación de solicitud entre sitios (CSRF) a través del componente http://127.0.0.1:80/admin/vpsApiData_deal.php?mudi=del", }, ], id: "CVE-2024-39021", lastModified: "2025-04-15T17:02:28.667", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-05T19:15:10.000", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/da271133/cms2/blob/main/45/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/da271133/cms2/blob/main/45/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2022-03-21 22:15
Modified
2025-04-22 14:51
Severity ?
Summary
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Cutegod/idcCMS/issues/1 | Exploit, Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Cutegod/idcCMS/issues/1 | Exploit, Issue Tracking, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.10:*:*:*:*:*:*:*", matchCriteriaId: "7E2F2265-5A4C-4466-A064-4CFD8427C990", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data.", }, { lang: "es", value: "Se ha detectado que idcCMS versión v1.10, contiene un problema que permite a atacantes eliminar arbitrariamente el archivo install.lock, lo que resulta en un restablecimiento de la configuración y los datos del CMS", }, ], id: "CVE-2022-27333", lastModified: "2025-04-22T14:51:37.563", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2022-03-21T22:15:08.110", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/Cutegod/idcCMS/issues/1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/Cutegod/idcCMS/issues/1", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-15 02:15
Modified
2025-04-15 17:02
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/FirstLIF/cms/blob/main/1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/FirstLIF/cms/blob/main/1.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.", }, ], id: "CVE-2024-35108", lastModified: "2025-04-15T17:02:50.950", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-15T02:15:08.143", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/FirstLIF/cms/blob/main/1.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/FirstLIF/cms/blob/main/1.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-14 16:17
Modified
2025-04-15 17:03
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Thirtypenny77/cms/blob/main/8.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Thirtypenny77/cms/blob/main/8.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/infoType_deal.php?mudi=rev&nohrefStr=close.", }, ], id: "CVE-2024-35011", lastModified: "2025-04-15T17:03:25.167", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-14T16:17:30.987", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms/blob/main/8.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms/blob/main/8.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-04 15:15
Modified
2024-11-21 09:22
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/da271133/cms/blob/main/30/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/da271133/cms/blob/main/30/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través de /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close", }, ], id: "CVE-2024-36549", lastModified: "2024-11-21T09:22:23.910", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-04T15:15:47.397", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/da271133/cms/blob/main/30/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/da271133/cms/blob/main/30/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-05 19:15
Modified
2025-04-15 17:02
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=close
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/da271133/cms2/blob/main/48/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/da271133/cms2/blob/main/48/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=close", }, { lang: "es", value: " Se descubrió que idccms v1.35 contiene una vulnerabilidad de Cross Site Request Forgery (CSRF) a través de admin/info_deal.php?mudi=add&nohrefStr=close", }, ], id: "CVE-2024-39023", lastModified: "2025-04-15T17:02:19.220", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-05T19:15:10.167", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/da271133/cms2/blob/main/48/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/da271133/cms2/blob/main/48/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-27 14:15
Modified
2025-04-15 17:02
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Thirtypenny77/cms2/blob/main/50/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Thirtypenny77/cms2/blob/main/50/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN.", }, ], id: "CVE-2024-39153", lastModified: "2025-04-15T17:02:06.563", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-27T14:15:15.717", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/50/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/50/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-22 14:15
Modified
2025-04-09 18:20
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bearman113/1.md/blob/main/19/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bearman113/1.md/blob/main/19/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.", }, ], id: "CVE-2024-35554", lastModified: "2025-04-09T18:20:34.677", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-22T14:15:09.307", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/19/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/19/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-06 13:15
Modified
2025-04-15 16:57
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/xyaly163/cms/blob/main/1.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/xyaly163/cms/blob/main/1.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/readDeal.php?mudi=updateWebCache.", }, ], id: "CVE-2024-33829", lastModified: "2025-04-15T16:57:58.130", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-06T13:15:49.730", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/xyaly163/cms/blob/main/1.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/xyaly163/cms/blob/main/1.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-05 19:15
Modified
2025-04-15 17:02
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=close
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/da271133/cms2/blob/main/46/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/da271133/cms2/blob/main/46/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=close", }, { lang: "es", value: " Se descubrió que idccms v1.35 contiene una vulnerabilidad de Cross Site Request Forgery (CSRF) a través de /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=close", }, ], id: "CVE-2024-39020", lastModified: "2025-04-15T17:02:32.660", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-05T19:15:09.920", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/da271133/cms2/blob/main/46/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/da271133/cms2/blob/main/46/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-16 15:15
Modified
2025-04-15 17:03
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Gr-1m/cms/blob/main/2.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Gr-1m/cms/blob/main/2.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente admin/banner_deal.php?mudi=add", }, ], id: "CVE-2024-34958", lastModified: "2025-04-15T17:03:32.573", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 3.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-16T15:15:48.050", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Gr-1m/cms/blob/main/2.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Gr-1m/cms/blob/main/2.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-22 14:15
Modified
2025-04-09 18:19
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=rev&nohrefStr=close.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bearman113/1.md/blob/main/24/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bearman113/1.md/blob/main/24/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=rev&nohrefStr=close.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/ca_deal.php?mudi=rev&nohrefStr=close.", }, ], id: "CVE-2024-35558", lastModified: "2025-04-09T18:19:40.080", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-22T14:15:09.653", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/24/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/24/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-27 14:15
Modified
2025-04-15 17:01
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Thirtypenny77/cms2/blob/main/55/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Thirtypenny77/cms2/blob/main/55/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/keyWord_deal.php?mudi=add.", }, ], id: "CVE-2024-39156", lastModified: "2025-04-15T17:01:48.510", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.8, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 2.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-27T14:15:16.007", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/55/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/55/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-05 19:15
Modified
2025-04-15 17:02
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProData_deal.php?mudi=del
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/da271133/cms2/blob/main/44/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/da271133/cms2/blob/main/44/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProData_deal.php?mudi=del", }, { lang: "es", value: " Se descubrió que idccms v1.35 contiene una vulnerabilidad de Cross Site Request Forgery (CSRF) a través de /admin/idcProData_deal.php?mudi=del", }, ], id: "CVE-2024-39019", lastModified: "2025-04-15T17:02:37.307", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-05T19:15:09.840", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/da271133/cms2/blob/main/44/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/da271133/cms2/blob/main/44/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-09 19:15
Modified
2025-04-15 17:01
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pangchunyuhack/cms/blob/main/60/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pangchunyuhack/cms/blob/main/60/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía una vulnerabilidad de Cross Site Request Forgery (CSRF) a través de /admin/userLevel_deal.php?mudi=add.", }, ], id: "CVE-2024-40035", lastModified: "2025-04-15T17:01:34.423", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.5, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-09T19:15:13.450", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/pangchunyuhack/cms/blob/main/60/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/pangchunyuhack/cms/blob/main/60/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-09 19:15
Modified
2025-04-15 17:01
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/pangchunyuhack/cms/blob/main/63/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/pangchunyuhack/cms/blob/main/63/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev", }, { lang: "es", value: "Se descubrió que idccms v1.35 contiene una vulnerabilidad de Cross Site Request Forgery (CSRF) a través de /admin/userScore_deal.php?mudi=rev", }, ], id: "CVE-2024-40038", lastModified: "2025-04-15T17:01:21.050", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 1.8, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-09T19:15:13.677", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/pangchunyuhack/cms/blob/main/63/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/pangchunyuhack/cms/blob/main/63/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-27 14:15
Modified
2025-04-15 17:01
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Thirtypenny77/cms2/blob/main/57/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Thirtypenny77/cms2/blob/main/57/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.", }, ], id: "CVE-2024-39157", lastModified: "2025-04-15T17:01:44.690", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.8, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 1.2, impactScore: 2.5, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-27T14:15:16.103", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/57/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/57/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-10 13:15
Modified
2025-04-15 17:00
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=del&dataID=2
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Tank992/cms/blob/main/68/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Tank992/cms/blob/main/68/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=del&dataID=2", }, { lang: "es", value: "Se descubrió que idccms v1.35 contiene una vulnerabilidad de Cross-Site Request Forgery (CSRF) a través de /admin/softBak_deal.php?mudi=del&dataID=2", }, ], id: "CVE-2024-40333", lastModified: "2025-04-15T17:00:55.003", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-10T13:15:10.680", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Tank992/cms/blob/main/68/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Tank992/cms/blob/main/68/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-22 14:15
Modified
2025-04-09 18:21
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bearman113/1.md/blob/main/17/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bearman113/1.md/blob/main/17/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/infoWeb_deal.php?mudi=rev.", }, ], id: "CVE-2024-35550", lastModified: "2025-04-09T18:21:16.130", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-22T14:15:08.947", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/17/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/17/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-22 14:15
Modified
2025-04-09 18:19
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bearman113/1.md/blob/main/27/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bearman113/1.md/blob/main/27/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close.", }, ], id: "CVE-2024-35557", lastModified: "2025-04-09T18:19:53.267", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 3.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-22T14:15:09.563", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/27/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/27/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-22 14:15
Modified
2025-04-09 18:19
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bearman113/1.md/blob/main/22/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bearman113/1.md/blob/main/22/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/infoMove_deal.php?mudi=rev&nohrefStr=close.", }, ], id: "CVE-2024-35559", lastModified: "2025-04-09T18:19:26.117", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-22T14:15:09.750", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/22/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/22/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-22 14:15
Modified
2025-04-09 18:19
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bearman113/1.md/blob/main/23/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bearman113/1.md/blob/main/23/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/ca_deal.php?mudi=add&nohrefStr=close.", }, ], id: "CVE-2024-35561", lastModified: "2025-04-09T18:19:02.790", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.3, impactScore: 2.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-22T14:15:09.917", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/23/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/23/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-10 14:15
Modified
2024-11-21 09:31
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Tank992/cms/blob/main/65/csrf.md | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Tank992/cms/blob/main/65/csrf.md | Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía una vulnerabilidad de Cross-Site Request Forgery (CSRF) a través de /admin/moneyRecord_deal.php?mudi=delRecord", }, ], id: "CVE-2024-40332", lastModified: "2024-11-21T09:31:00.817", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 4.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-10T14:15:12.540", references: [ { source: "cve@mitre.org", tags: [ "Third Party Advisory", ], url: "https://github.com/Tank992/cms/blob/main/65/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://github.com/Tank992/cms/blob/main/65/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "nvd@nist.gov", type: "Primary", }, { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-07-05 19:15
Modified
2025-04-15 17:02
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/da271133/cms2/blob/main/47/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/da271133/cms2/blob/main/47/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal", }, { lang: "es", value: " Se descubrió que idccms v1.35 contenía una vulnerabilidad de Cross Site Request Forgery (CSRF) a través de /admin/infoSys_deal.php?mudi=deal", }, ], id: "CVE-2024-39022", lastModified: "2025-04-15T17:02:23.627", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-07-05T19:15:10.087", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/da271133/cms2/blob/main/47/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/da271133/cms2/blob/main/47/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-22 14:15
Modified
2025-04-09 18:21
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bearman113/1.md/blob/main/16/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bearman113/1.md/blob/main/16/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/infoWeb_deal.php?mudi=add.", }, ], id: "CVE-2024-35551", lastModified: "2025-04-09T18:21:07.650", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 1.4, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-22T14:15:09.040", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/16/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/16/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-06-27 14:15
Modified
2025-04-15 17:02
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/Thirtypenny77/cms2/blob/main/54/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Thirtypenny77/cms2/blob/main/54/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN.", }, ], id: "CVE-2024-39154", lastModified: "2025-04-15T17:02:01.533", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-06-27T14:15:15.817", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/54/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/54/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-11-21 13:15
Modified
2024-11-22 21:15
Severity ?
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@vuldb.com | https://github.com/Hebing123/cve/issues/75 | Exploit, Issue Tracking, Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?ctiid.285657 | Permissions Required | |
| cna@vuldb.com | https://vuldb.com/?id.285657 | Third Party Advisory | |
| cna@vuldb.com | https://vuldb.com/?submit.442071 | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.60:*:*:*:*:*:*:*", matchCriteriaId: "EDEAEBA4-6D6F-466A-805A-4CA739290434", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", }, { lang: "es", value: "Se ha encontrado una vulnerabilidad en idcCMS 1.60. Se ha clasificado como problemática. Afecta a la función GetCityOptionJs del archivo /inc/classProvCity.php. La manipulación del argumento idName provoca ataques de cross site scripting. Es posible iniciar el ataque de forma remota. El exploit se ha hecho público y puede utilizarse.", }, ], id: "CVE-2024-11587", lastModified: "2024-11-22T21:15:27.747", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "SINGLE", availabilityImpact: "NONE", baseScore: 4, confidentialityImpact: "NONE", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, exploitabilityScore: 8, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "cna@vuldb.com", type: "Secondary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.5, baseSeverity: "LOW", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.1, impactScore: 1.4, source: "cna@vuldb.com", type: "Secondary", }, { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 2.7, source: "nvd@nist.gov", type: "Primary", }, ], cvssMetricV40: [ { cvssData: { Automatable: "NOT_DEFINED", Recovery: "NOT_DEFINED", Safety: "NOT_DEFINED", attackComplexity: "LOW", attackRequirements: "NONE", attackVector: "NETWORK", availabilityRequirement: "NOT_DEFINED", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityRequirement: "NOT_DEFINED", exploitMaturity: "NOT_DEFINED", integrityRequirement: "NOT_DEFINED", modifiedAttackComplexity: "NOT_DEFINED", modifiedAttackRequirements: "NOT_DEFINED", modifiedAttackVector: "NOT_DEFINED", modifiedPrivilegesRequired: "NOT_DEFINED", modifiedSubAvailabilityImpact: "NOT_DEFINED", modifiedSubConfidentialityImpact: "NOT_DEFINED", modifiedSubIntegrityImpact: "NOT_DEFINED", modifiedUserInteraction: "NOT_DEFINED", modifiedVulnAvailabilityImpact: "NOT_DEFINED", modifiedVulnConfidentialityImpact: "NOT_DEFINED", modifiedVulnIntegrityImpact: "NOT_DEFINED", privilegesRequired: "LOW", providerUrgency: "NOT_DEFINED", subAvailabilityImpact: "NONE", subConfidentialityImpact: "NONE", subIntegrityImpact: "NONE", userInteraction: "NONE", valueDensity: "NOT_DEFINED", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", version: "4.0", vulnAvailabilityImpact: "NONE", vulnConfidentialityImpact: "NONE", vulnIntegrityImpact: "LOW", vulnerabilityResponseEffort: "NOT_DEFINED", }, source: "cna@vuldb.com", type: "Secondary", }, ], }, published: "2024-11-21T13:15:03.803", references: [ { source: "cna@vuldb.com", tags: [ "Exploit", "Issue Tracking", "Third Party Advisory", ], url: "https://github.com/Hebing123/cve/issues/75", }, { source: "cna@vuldb.com", tags: [ "Permissions Required", ], url: "https://vuldb.com/?ctiid.285657", }, { source: "cna@vuldb.com", tags: [ "Third Party Advisory", ], url: "https://vuldb.com/?id.285657", }, { source: "cna@vuldb.com", tags: [ "Exploit", "Third Party Advisory", ], url: "https://vuldb.com/?submit.442071", }, ], sourceIdentifier: "cna@vuldb.com", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-79", }, { lang: "en", value: "CWE-94", }, ], source: "cna@vuldb.com", type: "Secondary", }, { description: [ { lang: "en", value: "CWE-79", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-22 14:15
Modified
2025-04-09 18:20
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=add&nohrefStr=close.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bearman113/1.md/blob/main/21/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bearman113/1.md/blob/main/21/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=add&nohrefStr=close.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/infoMove_deal.php?mudi=add&nohrefStr=close.", }, ], id: "CVE-2024-35553", lastModified: "2025-04-09T18:20:47.847", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.7, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-22T14:15:09.223", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/21/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/21/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
Vulnerability from fkie_nvd
Published
2024-05-22 14:15
Modified
2025-04-09 18:20
Severity ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | https://github.com/bearman113/1.md/blob/main/26/csrf.md | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/bearman113/1.md/blob/main/26/csrf.md | Exploit, Third Party Advisory |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", matchCriteriaId: "0790E0F4-51A6-479C-9321-8E42F139EDC7", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet.", }, { lang: "es", value: "Se descubrió que idccms v1.35 contenía Cross-Site Request Forgery (CSRF) a través del componente /admin/vpsSys_deal.php?mudi=infoSet.", }, ], id: "CVE-2024-35556", lastModified: "2025-04-09T18:20:08.663", metrics: { cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 2.8, impactScore: 5.9, source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }, published: "2024-05-22T14:15:09.467", references: [ { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/26/csrf.md", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://github.com/bearman113/1.md/blob/main/26/csrf.md", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Analyzed", weaknesses: [ { description: [ { lang: "en", value: "CWE-352", }, ], source: "134c704f-9b21-4f2e-91b3-4a467353bcc0", type: "Secondary", }, ], }
cve-2024-35109
Vulnerability from cvelistv5
Published
2024-05-15 02:03
Modified
2025-02-13 15:54
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35109", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-15T15:19:39.715031Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:34:23.947Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.293Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/FirstLIF/cms/blob/main/2.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-15T02:03:24.094Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/FirstLIF/cms/blob/main/2.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35109", datePublished: "2024-05-15T02:03:23.635Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:54:03.519Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36547
Vulnerability from cvelistv5
Published
2024-06-04 14:44
Modified
2025-02-13 15:59
Severity ?
EPSS score ?
Summary
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T03:37:05.337Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/da271133/cms/blob/main/32/csrf.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-36547", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-19T16:22:14.030270Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-19T16:23:58.691Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T14:49:36.262Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/da271133/cms/blob/main/32/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-36547", datePublished: "2024-06-04T14:44:18.532Z", dateReserved: "2024-05-30T00:00:00.000Z", dateUpdated: "2025-02-13T15:59:21.521Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36550
Vulnerability from cvelistv5
Published
2024-06-04 14:48
Modified
2025-02-13 15:59
Severity ?
EPSS score ?
Summary
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T03:37:05.269Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/da271133/cms/blob/main/29/csrf.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-36550", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-21T15:19:24.924327Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-21T15:19:32.611Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T14:48:31.419Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/da271133/cms/blob/main/29/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-36550", datePublished: "2024-06-04T14:48:31.138Z", dateReserved: "2024-05-30T00:00:00.000Z", dateUpdated: "2025-02-13T15:59:23.514Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34957
Vulnerability from cvelistv5
Published
2024-05-16 14:34
Modified
2025-02-13 15:53
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T03:07:45.425Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Gr-1m/cms/blob/main/1.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-34957", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-19T16:22:35.794580Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-19T16:24:13.602Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-16T14:34:21.429Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Gr-1m/cms/blob/main/1.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-34957", datePublished: "2024-05-16T14:34:21.007Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:53:47.708Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40038
Vulnerability from cvelistv5
Published
2024-07-09 00:00
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40038", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T19:06:29.976896Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-10T16:36:37.367Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:33:11.637Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/pangchunyuhack/cms/blob/main/63/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-09T18:30:42.372283", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/pangchunyuhack/cms/blob/main/63/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-40038", datePublished: "2024-07-09T00:00:00", dateReserved: "2024-07-05T00:00:00", dateUpdated: "2024-08-02T04:33:11.637Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-11587
Vulnerability from cvelistv5
Published
2024-11-21 12:31
Modified
2024-11-21 14:36
Severity ?
5.3 (Medium) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
3.5 (Low) - CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
EPSS score ?
Summary
A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.
References
| ▼ | URL | Tags |
|---|---|---|
| https://vuldb.com/?id.285657 | vdb-entry, technical-description | |
| https://vuldb.com/?ctiid.285657 | signature, permissions-required | |
| https://vuldb.com/?submit.442071 | third-party-advisory | |
| https://github.com/Hebing123/cve/issues/75 | exploit, issue-tracking |
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms:idccms:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms", versions: [ { status: "affected", version: "1.6.0", }, ], }, ], metrics: [ { other: { content: { id: "CVE-2024-11587", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-21T14:34:18.223605Z", version: "2.0.3", }, type: "ssvc", }, }, ], providerMetadata: { dateUpdated: "2024-11-21T14:36:23.632Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "idcCMS", vendor: "n/a", versions: [ { status: "affected", version: "1.60", }, ], }, ], credits: [ { lang: "en", type: "reporter", value: "jiashenghe (VulDB User)", }, ], descriptions: [ { lang: "en", value: "A vulnerability was found in idcCMS 1.60. It has been classified as problematic. This affects the function GetCityOptionJs of the file /inc/classProvCity.php. The manipulation of the argument idName leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.", }, { lang: "de", value: "Es wurde eine Schwachstelle in idcCMS 1.60 ausgemacht. Sie wurde als problematisch eingestuft. Es geht dabei um die Funktion GetCityOptionJs der Datei /inc/classProvCity.php. Durch das Beeinflussen des Arguments idName mit unbekannten Daten kann eine cross site scripting-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Der Exploit steht zur öffentlichen Verfügung.", }, ], metrics: [ { cvssV4_0: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N", version: "4.0", }, }, { cvssV3_1: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { cvssV3_0: { baseScore: 3.5, baseSeverity: "LOW", vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", version: "3.0", }, }, { cvssV2_0: { baseScore: 4, vectorString: "AV:N/AC:L/Au:S/C:N/I:P/A:N", version: "2.0", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "Cross Site Scripting", lang: "en", type: "CWE", }, ], }, { descriptions: [ { cweId: "CWE-94", description: "Code Injection", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-21T12:31:04.263Z", orgId: "1af790b2-7ee1-4545-860a-a788eba489b5", shortName: "VulDB", }, references: [ { name: "VDB-285657 | idcCMS classProvCity.php GetCityOptionJs cross site scripting", tags: [ "vdb-entry", "technical-description", ], url: "https://vuldb.com/?id.285657", }, { name: "VDB-285657 | CTI Indicators (IOB, IOC, TTP, IOA)", tags: [ "signature", "permissions-required", ], url: "https://vuldb.com/?ctiid.285657", }, { name: "Submit #442071 | 福州网钛软件科技有限公司 idcCMS V1.60 Cross-site Scripting", tags: [ "third-party-advisory", ], url: "https://vuldb.com/?submit.442071", }, { tags: [ "exploit", "issue-tracking", ], url: "https://github.com/Hebing123/cve/issues/75", }, ], timeline: [ { lang: "en", time: "2024-11-21T00:00:00.000Z", value: "Advisory disclosed", }, { lang: "en", time: "2024-11-21T01:00:00.000Z", value: "VulDB entry created", }, { lang: "en", time: "2024-11-21T07:52:29.000Z", value: "VulDB entry last update", }, ], title: "idcCMS classProvCity.php GetCityOptionJs cross site scripting", }, }, cveMetadata: { assignerOrgId: "1af790b2-7ee1-4545-860a-a788eba489b5", assignerShortName: "VulDB", cveId: "CVE-2024-11587", datePublished: "2024-11-21T12:31:04.263Z", dateReserved: "2024-11-21T06:47:25.792Z", dateUpdated: "2024-11-21T14:36:23.632Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39155
Vulnerability from cvelistv5
Published
2024-06-27 00:00
Modified
2024-08-02 04:19
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39155", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-18T20:17:40.933071Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-18T20:20:56.452Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:19:20.649Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/56/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-27T13:37:14.650676", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Thirtypenny77/cms2/blob/main/56/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-39155", datePublished: "2024-06-27T00:00:00", dateReserved: "2024-06-21T00:00:00", dateUpdated: "2024-08-02T04:19:20.649Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39156
Vulnerability from cvelistv5
Published
2024-06-27 00:00
Modified
2024-08-02 04:19
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.8, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39156", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-27T18:19:19.428970Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-27T18:19:57.417Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:19:20.616Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/55/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-27T13:37:15.366677", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Thirtypenny77/cms2/blob/main/55/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-39156", datePublished: "2024-06-27T00:00:00", dateReserved: "2024-06-21T00:00:00", dateUpdated: "2024-08-02T04:19:20.616Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40036
Vulnerability from cvelistv5
Published
2024-07-09 00:00
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40036", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T15:39:25.221532Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-10T16:00:07.551Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:33:11.533Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/pangchunyuhack/cms/blob/main/61/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-09T18:34:48.828154", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/pangchunyuhack/cms/blob/main/61/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-40036", datePublished: "2024-07-09T00:00:00", dateReserved: "2024-07-05T00:00:00", dateUpdated: "2024-08-02T04:33:11.533Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35558
Vulnerability from cvelistv5
Published
2024-05-22 13:38
Modified
2025-03-25 13:41
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=rev&nohrefStr=close.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35558", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-22T15:37:44.396077Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T13:41:36.531Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:14:53.203Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/bearman113/1.md/blob/main/24/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=rev&nohrefStr=close.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-22T13:38:53.612Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/bearman113/1.md/blob/main/24/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35558", datePublished: "2024-05-22T13:38:53.268Z", dateReserved: "2024-05-17T00:00:00.000Z", dateUpdated: "2025-03-25T13:41:36.531Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35557
Vulnerability from cvelistv5
Published
2024-05-22 13:38
Modified
2025-02-13 15:58
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35557", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-23T15:48:52.717115Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:33:57.024Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:14:53.338Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/bearman113/1.md/blob/main/27/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-22T13:38:52.888Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/bearman113/1.md/blob/main/27/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35557", datePublished: "2024-05-22T13:38:52.607Z", dateReserved: "2024-05-17T00:00:00.000Z", dateUpdated: "2025-02-13T15:58:57.917Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35555
Vulnerability from cvelistv5
Published
2024-05-22 13:38
Modified
2025-02-13 15:58
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35555", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-23T19:54:18.719621Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:34:16.895Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:14:53.832Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/bearman113/1.md/blob/main/18/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-22T13:38:52.316Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/bearman113/1.md/blob/main/18/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35555", datePublished: "2024-05-22T13:38:51.933Z", dateReserved: "2024-05-17T00:00:00.000Z", dateUpdated: "2025-02-13T15:58:56.791Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35552
Vulnerability from cvelistv5
Published
2024-05-22 13:38
Modified
2025-02-13 15:58
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35552", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-11-01T17:22:51.868677Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-11-01T17:29:01.865Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:14:53.046Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/bearman113/1.md/blob/main/20/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-22T13:38:48.296Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/bearman113/1.md/blob/main/20/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35552", datePublished: "2024-05-22T13:38:47.959Z", dateReserved: "2024-05-17T00:00:00.000Z", dateUpdated: "2025-02-13T15:58:55.186Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35550
Vulnerability from cvelistv5
Published
2024-05-22 13:38
Modified
2025-03-25 15:58
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev.
References
{ containers: { adp: [ { metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35550", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-22T18:19:16.323429Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T15:58:09.115Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:14:53.302Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/bearman113/1.md/blob/main/17/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-22T13:38:46.975Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/bearman113/1.md/blob/main/17/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35550", datePublished: "2024-05-22T13:38:46.600Z", dateReserved: "2024-05-17T00:00:00.000Z", dateUpdated: "2025-03-25T15:58:09.115Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33830
Vulnerability from cvelistv5
Published
2024-05-06 00:00
Modified
2024-08-02 02:42
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 8.1, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33830", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-07T17:25:54.101667Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:44:03.406Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:42:58.733Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/xyaly163/cms/blob/main/2.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T12:45:46.477090", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/xyaly163/cms/blob/main/2.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33830", datePublished: "2024-05-06T00:00:00", dateReserved: "2024-04-26T00:00:00", dateUpdated: "2024-08-02T02:42:58.733Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39157
Vulnerability from cvelistv5
Published
2024-06-27 00:00
Modified
2024-08-02 04:19
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.8, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39157", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-27T18:17:51.313647Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-27T18:18:52.757Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:19:20.638Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/57/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-27T13:37:16.172771", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Thirtypenny77/cms2/blob/main/57/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-39157", datePublished: "2024-06-27T00:00:00", dateReserved: "2024-06-21T00:00:00", dateUpdated: "2024-08-02T04:19:20.638Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35551
Vulnerability from cvelistv5
Published
2024-05-22 13:38
Modified
2025-03-25 15:32
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "affected", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35551", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-22T15:41:15.980675Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T15:32:07.829Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:14:53.409Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/bearman113/1.md/blob/main/16/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-22T13:38:47.529Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/bearman113/1.md/blob/main/16/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35551", datePublished: "2024-05-22T13:38:47.219Z", dateReserved: "2024-05-17T00:00:00.000Z", dateUpdated: "2025-03-25T15:32:07.829Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35554
Vulnerability from cvelistv5
Published
2024-05-22 13:38
Modified
2025-03-26 16:08
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35554", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-05T14:01:26.643030Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-26T16:08:39.990Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:14:53.498Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/bearman113/1.md/blob/main/19/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-22T13:38:49.603Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/bearman113/1.md/blob/main/19/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35554", datePublished: "2024-05-22T13:38:49.270Z", dateReserved: "2024-05-17T00:00:00.000Z", dateUpdated: "2025-03-26T16:08:39.990Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39019
Vulnerability from cvelistv5
Published
2024-07-05 00:00
Modified
2024-08-02 04:19
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProData_deal.php?mudi=del
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39019", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-08T14:12:58.043631Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-08T14:21:44.677Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:19:20.485Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/da271133/cms2/blob/main/44/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProData_deal.php?mudi=del", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-05T18:19:21.463603", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/da271133/cms2/blob/main/44/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-39019", datePublished: "2024-07-05T00:00:00", dateReserved: "2024-06-21T00:00:00", dateUpdated: "2024-08-02T04:19:20.485Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40035
Vulnerability from cvelistv5
Published
2024-07-09 00:00
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "LOW", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40035", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T14:51:49.265354Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-10T14:53:05.855Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:33:11.625Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/pangchunyuhack/cms/blob/main/60/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-09T18:24:28.481276", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/pangchunyuhack/cms/blob/main/60/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-40035", datePublished: "2024-07-09T00:00:00", dateReserved: "2024-07-05T00:00:00", dateUpdated: "2024-08-02T04:33:11.625Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39022
Vulnerability from cvelistv5
Published
2024-07-05 00:00
Modified
2024-08-02 04:19
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39022", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-16T15:41:17.721884Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-17T14:31:05.020Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:19:20.582Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/da271133/cms2/blob/main/47/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-05T18:14:55.038757", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/da271133/cms2/blob/main/47/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-39022", datePublished: "2024-07-05T00:00:00", dateReserved: "2024-06-21T00:00:00", dateUpdated: "2024-08-02T04:19:20.582Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40328
Vulnerability from cvelistv5
Published
2024-07-10 00:00
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40328", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T13:49:50.496663Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-10T13:49:59.897Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:33:11.664Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Tank992/cms/blob/main/70/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-10T13:07:23.990412", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Tank992/cms/blob/main/70/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-40328", datePublished: "2024-07-10T00:00:00", dateReserved: "2024-07-05T00:00:00", dateUpdated: "2024-08-02T04:33:11.664Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40331
Vulnerability from cvelistv5
Published
2024-07-10 00:00
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "v1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40331", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-11T20:30:37.768656Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-11T20:35:05.002Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:33:11.557Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Tank992/cms/blob/main/66/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-10T13:09:47.650045", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Tank992/cms/blob/main/66/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-40331", datePublished: "2024-07-10T00:00:00", dateReserved: "2024-07-05T00:00:00", dateUpdated: "2024-08-02T04:33:11.557Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39153
Vulnerability from cvelistv5
Published
2024-06-27 00:00
Modified
2024-08-02 04:19
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 4.7, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39153", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-28T20:13:00.893691Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-28T20:14:47.804Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:19:20.568Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/50/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-27T13:37:12.707998", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Thirtypenny77/cms2/blob/main/50/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-39153", datePublished: "2024-06-27T00:00:00", dateReserved: "2024-06-21T00:00:00", dateUpdated: "2024-08-02T04:19:20.568Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35108
Vulnerability from cvelistv5
Published
2024-05-15 02:03
Modified
2025-02-13 15:54
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35108", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-20T19:16:44.278488Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:34:33.436Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.814Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/FirstLIF/cms/blob/main/1.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-15T02:03:22.185Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/FirstLIF/cms/blob/main/1.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35108", datePublished: "2024-05-15T02:03:21.810Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:54:03.006Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-34958
Vulnerability from cvelistv5
Published
2024-05-16 14:32
Modified
2025-02-13 15:53
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.5, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-34958", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-16T18:26:16.241696Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:42:04.281Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:45.514Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Gr-1m/cms/blob/main/2.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-16T14:32:49.909Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Gr-1m/cms/blob/main/2.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-34958", datePublished: "2024-05-16T14:32:49.596Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:53:48.246Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35559
Vulnerability from cvelistv5
Published
2024-05-22 13:38
Modified
2025-02-13 15:58
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35559", options: [ { Exploitation: "none", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-05-22T17:47:28.421406Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:34:23.528Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:14:53.514Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/bearman113/1.md/blob/main/22/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-22T13:38:54.500Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/bearman113/1.md/blob/main/22/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35559", datePublished: "2024-05-22T13:38:54.163Z", dateReserved: "2024-05-17T00:00:00.000Z", dateUpdated: "2025-02-13T15:58:58.998Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39020
Vulnerability from cvelistv5
Published
2024-07-05 00:00
Modified
2024-08-02 04:19
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=close
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39020", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-08T15:15:59.601121Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-08T15:17:18.839Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:19:20.509Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/da271133/cms2/blob/main/46/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=close", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-05T18:23:07.652192", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/da271133/cms2/blob/main/46/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-39020", datePublished: "2024-07-05T00:00:00", dateReserved: "2024-06-21T00:00:00", dateUpdated: "2024-08-02T04:19:20.509Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40333
Vulnerability from cvelistv5
Published
2024-07-10 00:00
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=del&dataID=2
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40333", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T16:08:02.326941Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-10T16:09:52.523Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:33:11.574Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Tank992/cms/blob/main/68/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=del&dataID=2", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-10T13:03:02.808584", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Tank992/cms/blob/main/68/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-40333", datePublished: "2024-07-10T00:00:00", dateReserved: "2024-07-05T00:00:00", dateUpdated: "2024-08-02T04:33:11.574Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-33829
Vulnerability from cvelistv5
Published
2024-05-06 00:00
Modified
2024-08-02 02:42
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-33829", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-06T14:50:20.493366Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:45:11.714Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T02:42:59.583Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/xyaly163/cms/blob/main/1.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-06T12:45:45.015251", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/xyaly163/cms/blob/main/1.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-33829", datePublished: "2024-05-06T00:00:00", dateReserved: "2024-04-26T00:00:00", dateUpdated: "2024-08-02T02:42:59.583Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35012
Vulnerability from cvelistv5
Published
2024-05-14 13:58
Modified
2025-02-13 15:53
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "-", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.3, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35012", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-16T19:03:33.041322Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T17:33:40.435Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.398Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Thirtypenny77/cms/blob/main/7.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-14T13:58:32.122Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Thirtypenny77/cms/blob/main/7.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35012", datePublished: "2024-05-14T13:58:31.739Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:53:52.701Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35039
Vulnerability from cvelistv5
Published
2024-05-16 14:29
Modified
2025-03-13 15:18
Severity ?
EPSS score ?
Summary
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.8, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "HIGH", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35039", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-05-16T17:20:04.207938Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-13T15:18:13.166Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.349Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/ywf7678/cms/blob/main/1.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-16T14:29:43.209Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/ywf7678/cms/blob/main/1.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35039", datePublished: "2024-05-16T14:29:42.759Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-03-13T15:18:13.166Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39158
Vulnerability from cvelistv5
Published
2024-06-27 00:00
Modified
2024-08-12 13:01
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T04:19:20.547Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/58/csrf.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39158", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-12T12:57:25.497001Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-12T13:01:20.469Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-27T13:37:17.259997", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Thirtypenny77/cms2/blob/main/58/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-39158", datePublished: "2024-06-27T00:00:00", dateReserved: "2024-06-21T00:00:00", dateUpdated: "2024-08-12T13:01:20.469Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35556
Vulnerability from cvelistv5
Published
2024-05-22 13:38
Modified
2025-02-13 15:58
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T03:14:53.181Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/bearman113/1.md/blob/main/26/csrf.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35556", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-20T14:18:49.665584Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-20T14:19:30.909Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-22T13:38:50.937Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/bearman113/1.md/blob/main/26/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35556", datePublished: "2024-05-22T13:38:50.603Z", dateReserved: "2024-05-17T00:00:00.000Z", dateUpdated: "2025-02-13T15:58:57.327Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39119
Vulnerability from cvelistv5
Published
2024-07-02 00:00
Modified
2024-08-02 04:19
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39119", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-09T17:57:57.253653Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-09T17:58:35.633Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:19:20.626Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/2477231995/cms/blob/main/1.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-02T13:03:05.185049", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/2477231995/cms/blob/main/1.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-39119", datePublished: "2024-07-02T00:00:00", dateReserved: "2024-06-21T00:00:00", dateUpdated: "2024-08-02T04:19:20.626Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36549
Vulnerability from cvelistv5
Published
2024-06-04 14:47
Modified
2025-02-13 15:59
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T03:37:05.340Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/da271133/cms/blob/main/30/csrf.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-36549", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-14T20:04:00.273431Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-14T20:05:12.425Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T14:47:09.897Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/da271133/cms/blob/main/30/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-36549", datePublished: "2024-06-04T14:47:09.634Z", dateReserved: "2024-05-30T00:00:00.000Z", dateUpdated: "2025-02-13T15:59:22.973Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35009
Vulnerability from cvelistv5
Published
2024-05-14 13:58
Modified
2025-02-13 15:53
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T03:07:46.530Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Thirtypenny77/cms/blob/main/5.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35009", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-08T14:57:03.524603Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-08T14:59:19.560Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-14T13:58:29.112Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Thirtypenny77/cms/blob/main/5.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35009", datePublished: "2024-05-14T13:58:28.753Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:53:51.059Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35561
Vulnerability from cvelistv5
Published
2024-05-22 13:38
Modified
2025-02-13 15:59
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T03:14:53.475Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/bearman113/1.md/blob/main/23/csrf.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35561", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-19T15:16:25.346929Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-19T15:18:09.072Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-22T13:38:57.828Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/bearman113/1.md/blob/main/23/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35561", datePublished: "2024-05-22T13:38:57.449Z", dateReserved: "2024-05-17T00:00:00.000Z", dateUpdated: "2025-02-13T15:59:00.049Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40329
Vulnerability from cvelistv5
Published
2024-07-10 00:00
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40329", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T16:24:44.809941Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-11T17:42:26.628Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:33:11.667Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Tank992/cms/blob/main/67/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-10T13:00:31.520466", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Tank992/cms/blob/main/67/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-40329", datePublished: "2024-07-10T00:00:00", dateReserved: "2024-07-05T00:00:00", dateUpdated: "2024-08-02T04:33:11.667Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35010
Vulnerability from cvelistv5
Published
2024-05-14 13:58
Modified
2025-02-13 15:53
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T03:07:45.536Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Thirtypenny77/cms/blob/main/6.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35010", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-08-20T13:53:45.145990Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-20T13:54:40.945Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-14T13:58:30.363Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Thirtypenny77/cms/blob/main/6.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35010", datePublished: "2024-05-14T13:58:30.067Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:53:51.577Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36670
Vulnerability from cvelistv5
Published
2024-06-05 18:57
Modified
2025-02-13 15:59
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-36670", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-06-06T13:20:53.721231Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-09-15T19:04:02.335Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:37:05.311Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/sigubbs/cms/blob/main/33/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-05T18:57:13.014Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/sigubbs/cms/blob/main/33/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-36670", datePublished: "2024-06-05T18:57:12.653Z", dateReserved: "2024-05-30T00:00:00.000Z", dateUpdated: "2025-02-13T15:59:27.440Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40336
Vulnerability from cvelistv5
Published
2024-07-10 00:00
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.'
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 6.1, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40336", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-10T16:41:35.907140Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-79", description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-10T16:43:38.630Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:33:11.668Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Tank992/cms/blob/main/73/readme.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.'", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-10T13:10:28.884665", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Tank992/cms/blob/main/73/readme.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-40336", datePublished: "2024-07-10T00:00:00", dateReserved: "2024-07-05T00:00:00", dateUpdated: "2024-08-02T04:33:11.668Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39023
Vulnerability from cvelistv5
Published
2024-07-05 00:00
Modified
2024-08-02 04:19
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=close
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39023", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-08T14:19:49.827593Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-08T14:21:01.671Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:19:20.496Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/da271133/cms2/blob/main/48/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=close", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-05T18:21:24.304408", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/da271133/cms2/blob/main/48/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-39023", datePublished: "2024-07-05T00:00:00", dateReserved: "2024-06-21T00:00:00", dateUpdated: "2024-08-02T04:19:20.496Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-36548
Vulnerability from cvelistv5
Published
2024-06-04 14:45
Modified
2025-02-13 15:59
Severity ?
EPSS score ?
Summary
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T03:37:05.336Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/da271133/cms/blob/main/31/csrf.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, { cpes: [ "cpe:2.3:a:idccms_project:idccms:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-36548", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-19T15:23:12.831582Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-19T15:24:23.283Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-04T14:45:52.699Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/da271133/cms/blob/main/31/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-36548", datePublished: "2024-06-04T14:45:52.245Z", dateReserved: "2024-05-30T00:00:00.000Z", dateUpdated: "2025-02-13T15:59:22.338Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40334
Vulnerability from cvelistv5
Published
2024-07-10 00:00
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40334", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-15T21:37:57.542649Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-15T21:39:10.692Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:33:11.647Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Tank992/cms/blob/main/69/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-10T13:01:43.707911", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Tank992/cms/blob/main/69/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-40334", datePublished: "2024-07-10T00:00:00", dateReserved: "2024-07-05T00:00:00", dateUpdated: "2024-08-02T04:33:11.647Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2022-27333
Vulnerability from cvelistv5
Published
2022-03-21 21:05
Modified
2024-08-03 05:25
Severity ?
EPSS score ?
Summary
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/Cutegod/idcCMS/issues/1 | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-03T05:25:32.512Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/Cutegod/idcCMS/issues/1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2022-03-21T21:05:27", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://github.com/Cutegod/idcCMS/issues/1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2022-27333", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { reference_data: [ { name: "https://github.com/Cutegod/idcCMS/issues/1", refsource: "MISC", url: "https://github.com/Cutegod/idcCMS/issues/1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2022-27333", datePublished: "2022-03-21T21:05:27", dateReserved: "2022-03-21T00:00:00", dateUpdated: "2024-08-03T05:25:32.512Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39154
Vulnerability from cvelistv5
Published
2024-06-27 00:00
Modified
2024-08-02 04:19
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "v1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 8.8, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39154", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "total", }, ], role: "CISA Coordinator", timestamp: "2024-07-03T15:23:50.680102Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-03T15:30:10.601Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:19:20.638Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Thirtypenny77/cms2/blob/main/54/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-06-27T13:37:13.175692", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Thirtypenny77/cms2/blob/main/54/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-39154", datePublished: "2024-06-27T00:00:00", dateReserved: "2024-06-21T00:00:00", dateUpdated: "2024-08-02T04:19:20.638Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35011
Vulnerability from cvelistv5
Published
2024-05-14 13:58
Modified
2025-02-13 15:53
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T03:07:45.499Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Thirtypenny77/cms/blob/main/8.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35011", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-19T16:22:44.504581Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-19T16:24:21.456Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-14T13:58:31.325Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Thirtypenny77/cms/blob/main/8.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35011", datePublished: "2024-05-14T13:58:31.002Z", dateReserved: "2024-05-09T00:00:00.000Z", dateUpdated: "2025-02-13T15:53:52.158Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-39021
Vulnerability from cvelistv5
Published
2024-07-05 00:00
Modified
2024-08-19 15:33
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiData_deal.php?mudi=del
References
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-02T04:19:20.629Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/da271133/cms2/blob/main/45/csrf.md", }, ], title: "CVE Program Container", }, { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:*:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.4, baseSeverity: "MEDIUM", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "CHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-39021", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-08-19T15:32:57.478859Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-08-19T15:33:03.541Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiData_deal.php?mudi=del", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-09T16:19:51.235022", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/da271133/cms2/blob/main/45/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-39021", datePublished: "2024-07-05T00:00:00", dateReserved: "2024-06-21T00:00:00", dateUpdated: "2024-08-19T15:33:03.541Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-40332
Vulnerability from cvelistv5
Published
2024-07-10 00:00
Modified
2024-08-02 04:33
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:-:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "v1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 6.8, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "LOW", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-40332", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-23T18:52:51.328214Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-23T18:54:34.564Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T04:33:11.646Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/Tank992/cms/blob/main/65/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-10T13:08:36.938403", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/Tank992/cms/blob/main/65/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-40332", datePublished: "2024-07-10T00:00:00", dateReserved: "2024-07-05T00:00:00", dateUpdated: "2024-08-02T04:33:11.646Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35553
Vulnerability from cvelistv5
Published
2024-05-22 13:38
Modified
2025-02-13 15:58
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=add&nohrefStr=close.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "LOW", baseScore: 8.3, baseSeverity: "HIGH", confidentialityImpact: "LOW", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "CHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35553", options: [ { Exploitation: "poc", }, { Automatable: "yes", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-07-29T14:10:23.509012Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2024-07-29T14:11:08.423Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:14:53.438Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/bearman113/1.md/blob/main/21/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=add&nohrefStr=close.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-22T13:38:48.950Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/bearman113/1.md/blob/main/21/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35553", datePublished: "2024-05-22T13:38:48.665Z", dateReserved: "2024-05-17T00:00:00.000Z", dateUpdated: "2025-02-13T15:58:55.713Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2024-35560
Vulnerability from cvelistv5
Published
2024-05-22 13:38
Modified
2025-03-25 15:36
Severity ?
EPSS score ?
Summary
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN.
References
{ containers: { adp: [ { affected: [ { cpes: [ "cpe:2.3:a:idccms_project:idccms:1.35:*:*:*:*:*:*:*", ], defaultStatus: "unknown", product: "idccms", vendor: "idccms_project", versions: [ { status: "affected", version: "1.35", }, ], }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, }, { other: { content: { id: "CVE-2024-35560", options: [ { Exploitation: "poc", }, { Automatable: "no", }, { "Technical Impact": "partial", }, ], role: "CISA Coordinator", timestamp: "2024-06-05T14:02:45.805134Z", version: "2.0.3", }, type: "ssvc", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-352", description: "CWE-352 Cross-Site Request Forgery (CSRF)", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2025-03-25T15:36:48.765Z", orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0", shortName: "CISA-ADP", }, title: "CISA ADP Vulnrichment", }, { providerMetadata: { dateUpdated: "2024-08-02T03:14:52.959Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_transferred", ], url: "https://github.com/bearman113/1.md/blob/main/25/csrf.md", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=del&dataType=&dataTypeCN.", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2024-05-22T13:38:56.019Z", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { url: "https://github.com/bearman113/1.md/blob/main/25/csrf.md", }, ], }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2024-35560", datePublished: "2024-05-22T13:38:55.636Z", dateReserved: "2024-05-17T00:00:00.000Z", dateUpdated: "2025-03-25T15:36:48.765Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }