CVE-2024-40036

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 9, 2024
Updated: Jul 11, 2024
CWE ID 79

Summary

CVE-2024-40036 is a newly disclosed vulnerability affecting idccms version 1.35. This issue permits an attacker to execute Cross-Site Request Forgery (CSRF) attacks through the /admin/userGroup_deal.php?mudi=add&nohrefStr=close endpoint. An attacker can manipulate a victim's session to perform unintended actions, potentially leading to privilege escalation or data theft. Users are advised to upgrade to a patched version of idccms as soon as possible to mitigate this risk.
