CVE-2024-2822 in DedeCMSinfo

Summary

by MITRE • 03/22/2024

A vulnerability, which was classified as problematic, was found in DedeCMS 5.7. This affects an unknown part of the file /src/dede/vote_edit.php. The manipulation of the argument aid leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-257709 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Analysis

by VulDB Data Team • 04/13/2025

The vulnerability identified as CVE-2024-2822 represents a critical cross-site request forgery weakness within DedeCMS version 5.7, specifically affecting the /src/dede/vote_edit.php file. This flaw resides in the handling of the aid parameter, which when manipulated by an attacker can deceive users into performing unintended actions on the vulnerable web application. The vulnerability's classification as problematic indicates its potential for serious security implications, particularly given that it affects core administrative functionality within the content management system. The issue demonstrates a fundamental failure in the application's request validation mechanisms, where proper CSRF token implementation or verification is missing or inadequate. The fact that this vulnerability has been publicly disclosed and is known to be exploitable underscores the urgent need for immediate remediation efforts.

The technical exploitation of this CSRF vulnerability occurs through the manipulation of the aid argument within the vote_edit.php file, which serves as an entry point for attackers to craft malicious requests that appear to originate from legitimate administrative users. This flaw enables remote attackers to execute unauthorized actions against the vulnerable DedeCMS installation without requiring user authentication or interaction beyond the initial exploitation phase. The vulnerability's impact extends beyond simple data manipulation as it can potentially allow attackers to modify voting configurations, alter poll results, or even compromise the entire administrative interface. The absence of proper CSRF protection mechanisms in this administrative endpoint creates a dangerous attack surface that could be leveraged for more sophisticated attacks including privilege escalation or persistent malicious modifications to the website's content management capabilities.

The operational impact of CVE-2024-2822 is significant for organizations utilizing DedeCMS 5.7, as it provides attackers with a remote vector for compromising the web application's integrity and potentially gaining unauthorized administrative access. This vulnerability directly violates security principles outlined in CWE-352, which specifically addresses Cross-Site Request Forgery vulnerabilities, and aligns with ATT&CK technique T1566.002 for credential harvesting through spearphishing with a malicious attachment or link. Organizations may face reputational damage, data integrity issues, and potential regulatory compliance violations if this vulnerability is exploited successfully. The lack of vendor response to early disclosure attempts compounds the risk, leaving users without official patches or mitigations during the period when the vulnerability remains unaddressed. The public availability of exploitation methods means that any organization running the affected DedeCMS version is immediately at risk of compromise.

Mitigation strategies for CVE-2024-2822 should prioritize immediate implementation of CSRF protection measures including the addition of proper anti-CSRF tokens to all administrative forms and endpoints. Organizations should ensure that all requests to vote_edit.php and similar administrative functions require valid session tokens that are verified server-side before processing any modifications. The implementation of SameSite cookies and proper Content Security Policy headers can provide additional layers of protection against this class of vulnerability. Regular security audits and input validation should be enforced to prevent similar issues in other components of the CMS. Organizations should also consider implementing web application firewalls to detect and block suspicious request patterns. The lack of vendor response highlights the importance of proactive security measures and the necessity for organizations to maintain their own security patches and updates, particularly for open source software where vendor support may be limited or delayed. Immediate patching or workaround implementation is essential to prevent exploitation of this vulnerability.

Responsible

VulDB

Reservation

03/22/2024

Disclosure

03/22/2024

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.00370

KEV

no

Activities

very low

Sources

Do you need the next level of professionalism?

Upgrade your account now!