CVE-2024-40038
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Jul 9, 2024
Updated: Jul 11, 2024
CWE ID 352
Summary
CVE-2024-40038 is a newly identified vulnerability affecting idccms version 1.35. This issue permits an attacker to execute malicious actions through a Cross-Site Request Forgery (CSRF) attack on the /admin/userScore_deal.php?mudi=rev page. The CSRF vulnerability enables an attacker to submit unintended commands to the application on behalf of an unsuspecting user, potentially leading to data theft or unauthorized system modifications. It is crucial for users to update their idccms installations to a patched version to mitigate this risk.