Cross-Site Request Forgery Vulnerability in Dingfanzu CMS
CVE-2024-46485

Currently unrated

Key Information:

Vendor: Dingfanzu
Vendor: CVE Published:; 25 September 2024

Summary

Dingfanzu CMS version 1.0 is susceptible to a Cross-Site Request Forgery (CSRF) attack through the /admin/doAdminAction.php?act=addCate endpoint. This vulnerability allows an attacker to trick a victim into submitting unauthorized requests, potentially leading to unauthorized actions within the admin interface of the CMS. Proper validation and implementation of anti-CSRF tokens are crucial to mitigate the impact of this vulnerability and enhance the security posture of the web application.

References

https://github.com/kikaku-ship/cms/tree/main/1/readme.md

Timeline

Vulnerability published
Sep 25, 2024