CVE-2024-40036
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Jul 9, 2024
Updated: Jul 11, 2024
CWE ID 79
Summary
CVE-2024-40036 is a newly disclosed vulnerability affecting idccms version 1.35. This issue permits an attacker to execute Cross-Site Request Forgery (CSRF) attacks through the /admin/userGroup_deal.php?mudi=add&nohrefStr=close endpoint. An attacker can manipulate a victim's session to perform unintended actions, potentially leading to privilege escalation or data theft. Users are advised to upgrade to a patched version of idccms as soon as possible to mitigate this risk.