ByteOS

Matching Score-10

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.12% / 32.44%

7 Day CHG~0.00%

Published-22 May, 2024 | 13:38

Updated-25 Mar, 2025 | 16:15

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add.

Vendor-n/a idccms_project

Product-n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-4172

Matching Score-10

Assigner-VulDB

Matching Score-10

Assigner-VulDB

CVSS Score-4.3||MEDIUM

EPSS-0.11% / 29.60%

7 Day CHG-0.00%

Published-25 Apr, 2024 | 14:00

Updated-01 Aug, 2024 | 20:33

idcCMS cross-site request forgery

A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261991.

Vendor-n/a idccms_project

Product-idcCMS idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-40037

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.29% / 52.25%

7 Day CHG~0.00%

Published-09 Jul, 2024 | 00:00

Updated-02 Aug, 2024 | 04:33

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-40039

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.29% / 52.25%

7 Day CHG~0.00%

Published-09 Jul, 2024 | 00:00

Updated-13 Mar, 2025 | 18:15

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-40328

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-6.3||MEDIUM

EPSS-0.15% / 36.79%

7 Day CHG~0.00%

Published-10 Jul, 2024 | 00:00

Updated-15 Apr, 2025 | 17:01

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-40332

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-6.8||MEDIUM

EPSS-0.05% / 14.46%

7 Day CHG~0.00%

Published-10 Jul, 2024 | 00:00

Updated-02 Aug, 2024 | 04:33

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-40034

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.29% / 52.25%

7 Day CHG~0.00%

Published-09 Jul, 2024 | 00:00

Updated-02 Aug, 2024 | 04:33

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-40334

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.29% / 52.25%

7 Day CHG~0.00%

Published-10 Jul, 2024 | 00:00

Updated-02 Aug, 2024 | 04:33

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39021

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.12% / 32.46%

7 Day CHG~0.00%

Published-05 Jul, 2024 | 00:00

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiData_deal.php?mudi=del

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39158

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.15% / 35.65%

7 Day CHG~0.00%

Published-27 Jun, 2024 | 00:00

Updated-15 Apr, 2025 | 17:01

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39119

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.16% / 37.63%

7 Day CHG~0.00%

Published-02 Jul, 2024 | 00:00

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39154

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.10% / 28.84%

7 Day CHG~0.00%

Published-27 Jun, 2024 | 00:00

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39023

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.15% / 35.65%

7 Day CHG~0.00%

Published-05 Jul, 2024 | 00:00

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=close

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39020

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-6.3||MEDIUM

EPSS-0.07% / 22.85%

7 Day CHG~0.00%

Published-05 Jul, 2024 | 00:00

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=close

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39022

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.15% / 36.71%

7 Day CHG~0.00%

Published-05 Jul, 2024 | 00:00

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39153

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-4.7||MEDIUM

EPSS-0.04% / 13.03%

7 Day CHG~0.00%

Published-27 Jun, 2024 | 00:00

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/info_deal.php?mudi=del&dataType=news&dataTypeCN.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-36670

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.11% / 30.09%

7 Day CHG~0.00%

Published-05 Jun, 2024 | 18:57

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-36550

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.13% / 32.96%

7 Day CHG~0.00%

Published-04 Jun, 2024 | 14:48

Updated-13 Feb, 2025 | 15:59

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-36667

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.12% / 31.37%

7 Day CHG~0.00%

Published-05 Jun, 2024 | 19:01

Updated-13 Feb, 2025 | 15:59

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/idcProType_deal.php?mudi=add&nohrefStr=close

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-36668

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.12% / 31.97%

7 Day CHG~0.00%

Published-05 Jun, 2024 | 19:00

Updated-13 Feb, 2025 | 15:59

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=del

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-36547

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.12% / 31.08%

7 Day CHG~0.00%

Published-04 Jun, 2024 | 14:44

Updated-13 Feb, 2025 | 15:59

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-36669

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.12% / 31.37%

7 Day CHG~0.00%

Published-05 Jun, 2024 | 18:56

Updated-13 Feb, 2025 | 15:59

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=add.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35557

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.5||MEDIUM

EPSS-0.10% / 28.25%

7 Day CHG~0.00%

Published-22 May, 2024 | 13:38

Updated-13 Feb, 2025 | 15:58

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close.

Vendor-n/a idccms_project

Product-n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35558

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.21% / 43.94%

7 Day CHG~0.00%

Published-22 May, 2024 | 13:38

Updated-25 Mar, 2025 | 14:15

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=rev&nohrefStr=close.

Vendor-n/a idccms_project

Product-n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35559

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.21% / 43.21%

7 Day CHG~0.00%

Published-22 May, 2024 | 13:38

Updated-13 Feb, 2025 | 15:58

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close.

Vendor-n/a idccms_project

Product-n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35561

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.17% / 38.45%

7 Day CHG~0.00%

Published-22 May, 2024 | 13:38

Updated-13 Feb, 2025 | 15:59

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close.

Vendor-n/a idccms_project

Product-n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35555

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-6.3||MEDIUM

EPSS-0.10% / 28.25%

7 Day CHG~0.00%

Published-22 May, 2024 | 13:38

Updated-13 Feb, 2025 | 15:58

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40.

Vendor-n/a idccms_project

Product-n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35109

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-6.5||MEDIUM

EPSS-0.05% / 14.80%

7 Day CHG~0.00%

Published-15 May, 2024 | 02:03

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35108

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.11% / 30.10%

7 Day CHG~0.00%

Published-15 May, 2024 | 02:03

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35011

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.27% / 49.80%

7 Day CHG~0.00%

Published-14 May, 2024 | 13:58

Updated-15 Apr, 2025 | 17:03

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35012

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-6.3||MEDIUM

EPSS-0.16% / 37.09%

7 Day CHG~0.00%

Published-14 May, 2024 | 13:58

Updated-15 Apr, 2025 | 17:03

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35009

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.34% / 55.85%

7 Day CHG~0.00%

Published-14 May, 2024 | 13:58

Updated-15 Apr, 2025 | 16:57

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-34958

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-6.5||MEDIUM

EPSS-2.08% / 83.26%

7 Day CHG~0.00%

Published-16 May, 2024 | 14:32

Updated-15 Apr, 2025 | 17:03

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-33830

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.1||HIGH

EPSS-0.18% / 39.25%

7 Day CHG~0.00%

Published-06 May, 2024 | 00:00

Updated-15 Apr, 2025 | 16:57

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-40329

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.31% / 53.34%

7 Day CHG+0.01%

Published-10 Jul, 2024 | 00:00

Updated-15 Apr, 2025 | 17:01

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39155

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-6.8||MEDIUM

EPSS-0.07% / 22.19%

7 Day CHG~0.00%

Published-27 Jun, 2024 | 00:00

Updated-15 Apr, 2025 | 17:01

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39157

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-3.8||LOW

EPSS-0.06% / 19.54%

7 Day CHG~0.00%

Published-27 Jun, 2024 | 00:00

Updated-15 Apr, 2025 | 17:01

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=del&dataType=&dataID=1.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-34957

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.32% / 54.71%

7 Day CHG~0.00%

Published-16 May, 2024 | 14:34

Updated-15 Apr, 2025 | 17:03

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-40331

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-8.8||HIGH

EPSS-0.12% / 31.07%

7 Day CHG~0.00%

Published-10 Jul, 2024 | 00:00

Updated-15 Apr, 2025 | 17:01

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39019

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.13% / 33.78%

7 Day CHG~0.00%

Published-05 Jul, 2024 | 00:00

Updated-15 Apr, 2025 | 17:02

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProData_deal.php?mudi=del

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35039

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-3.8||LOW

EPSS-0.14% / 34.79%

7 Day CHG~0.00%

Published-16 May, 2024 | 14:29

Updated-15 Apr, 2025 | 17:03

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-40038

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.3||MEDIUM

EPSS-0.08% / 24.03%

7 Day CHG~0.00%

Published-09 Jul, 2024 | 00:00

Updated-15 Apr, 2025 | 17:01

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=rev

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-40035

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.9||MEDIUM

EPSS-0.08% / 24.03%

7 Day CHG~0.00%

Published-09 Jul, 2024 | 00:00

Updated-15 Apr, 2025 | 17:01

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-39156

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-3.8||LOW

EPSS-0.06% / 19.54%

7 Day CHG~0.00%

Published-27 Jun, 2024 | 00:00

Updated-15 Apr, 2025 | 17:01

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=add.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-36548

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.12% / 31.97%

7 Day CHG~0.00%

Published-04 Jun, 2024 | 14:45

Updated-13 Feb, 2025 | 15:59

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-35554

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.19% / 40.58%

7 Day CHG~0.00%

Published-22 May, 2024 | 13:38

Updated-26 Mar, 2025 | 16:15

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.

Vendor-n/a idccms_project

Product-n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-33829

Matching Score-6

Assigner-MITRE Corporation

Matching Score-6

Assigner-MITRE Corporation

CVSS Score-5.4||MEDIUM

EPSS-0.11% / 30.02%

7 Day CHG~0.00%

Published-06 May, 2024 | 00:00

Updated-15 Apr, 2025 | 16:57

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.

Product-idccms n/a idccms

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-57160

Matching Score-4

Assigner-MITRE Corporation

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-4.3||MEDIUM

EPSS-0.03% / 7.74%

7 Day CHG~0.00%

Published-16 Jan, 2025 | 00:00

Updated-24 Feb, 2025 | 19:38

07FLYCMS V1.3.9 was discovered to contain a Cross-Site Request Forgery (CSRF) via /erp.07fly.net:80/oa/OaTask/edit.html.

Vendor-n/a 07FLY

Product-customer_relationship_management n/a

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-5804

Matching Score-4

Assigner-Wordfence

Matching Score-4

Assigner-Wordfence

CVSS Score-4.3||MEDIUM

EPSS-0.07% / 21.02%

7 Day CHG+0.03%

Published-20 Jul, 2024 | 02:02

Updated-01 Aug, 2024 | 21:25

Conditional Fields for Contact Form 7 <= 2.4.13 - Cross-Site Request Forgery to Plugin Setting Reset

The Conditional Fields for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.13. This is due to missing or incorrect nonce validation on the wpcf7cf_admin_init function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendor-jules-colle

Product-Conditional Fields for Contact Form 7

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2024-56474

Matching Score-4

Assigner-IBM Corporation