CVE-2024-40333

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jul 10, 2024
Updated: Jul 11, 2024
CWE ID 79

Summary

CVE-2024-40333 is a newly identified Cross-Site Request Forgery (CSRF) vulnerability affecting idccms version 1.35. This issue allows an attacker to execute malicious actions on an affected system by tricking a user into making unintended requests to the /admin/softBak_deal.php?mudi=del&dataID=2 endpoint. The CSRF attack can potentially lead to unauthorized modifications or deletions of data. Users of idccms version 1.35 are recommended to upgrade to a patched version or implement appropriate security measures to mitigate the risk of CSRF attacks.
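A defender-side check for the request described in the summary, as an added example that is not part of the original advisory or of idccms: it scans web access logs for hits on the delete endpoint and flags those whose Referer is missing or points to another site. The Combined Log Format, the hostname `cms.example.test` and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
ENDPOINT = "/admin/softBak_deal.php"  # path named in the advisory
SITE_HOST = "cms.example.test"        # assumption: the site's own hostname

SAMPLE_LOG = [  # constructed lines, not taken from a real server
    '192.0.2.10 - - [10/Jul/2024:09:14:02 +0000] "GET /admin/softBak_deal.php?mudi=del&dataID=2 HTTP/1.1" 200 512 "https://cms.example.test/admin/" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Jul/2024:09:20:41 +0000] "GET /admin/softBak_deal.php?mudi=del&dataID=2 HTTP/1.1" 200 512 "https://forum.example.net/thread/88" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Jul/2024:09:21:05 +0000] "GET /admin/softBak_deal.php?mudi=del&dataID=2 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [10/Jul/2024:09:22:00 +0000] "GET /admin/index.php HTTP/1.1" 200 2048 "https://cms.example.test/admin/" "Mozilla/5.0"',
]


def classify(line, site_host=SITE_HOST):
    """Return None for unrelated or unparsable lines, else (verdict, time, ip, referer)."""
    m = LOG_RE.match(line)
    if not m:
        return None
    target = urlsplit(m["target"])
    if target.path != ENDPOINT or "del" not in parse_qs(target.query).get("mudi", []):
        return None
    referer = m["referer"]
    if referer in ("", "-"):
        verdict = "no-referer"    # header absent: origin of the request unknown
    elif urlsplit(referer).hostname != site_host:
        verdict = "cross-site"    # delete request triggered from another site
    else:
        verdict = "same-site"     # consistent with an admin using the panel
    return verdict, m["time"], m["ip"], referer


def suspicious(lines, site_host=SITE_HOST):
    """Delete requests that did not demonstrably originate from the site itself."""
    hits = (classify(line, site_host) for line in lines)
    return [h for h in hits if h and h[0] != "same-site"]


if __name__ == "__main__":
    for hit in suspicious(SAMPLE_LOG):
        print(*hit, sep="  ")
```

A missing Referer can also result from a strict referrer policy, so `no-referer` hits are leads to review rather than confirmed forgeries.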
