CVE-2024-46085 in FrogCMS

Summary

by MITRE • 09/17/2024

FrogCMS V0.9.5 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/?/plugin/file_manager/rename.


Analysis

by VulDB Data Team • 03/10/2025

The vulnerability identified as CVE-2024-46085 affects FrogCMS version 0.9.5 and represents a critical cross-site request forgery flaw that can be exploited through the administrative file manager component. This vulnerability specifically targets the rename functionality within the plugin file manager interface, which is accessible via the URL path /admin/?/plugin/file_manager/rename. The flaw allows authenticated attackers with administrative privileges to manipulate file operations without proper authorization, potentially leading to unauthorized file modifications, deletions, or renaming operations within the CMS administrative environment.

The technical implementation of this CSRF vulnerability stems from the absence of proper anti-forgery tokens or validation mechanisms when processing file rename requests through the administrative interface. When an administrator performs actions within the file manager, the system fails to verify the authenticity of the request source, making it susceptible to exploitation through malicious web pages or crafted requests that can trick the authenticated administrator into executing unintended file operations. This weakness directly aligns with CWE-352, which defines Cross-Site Request Forgery as a security vulnerability that occurs when a web application fails to validate the origin of requests, allowing attackers to perform actions on behalf of authenticated users.

The operational impact of this vulnerability extends beyond simple file manipulation, as it provides attackers with a potential pathway for more severe attacks within the CMS environment. An attacker could leverage this CSRF vulnerability to rename critical system files, potentially disrupting CMS functionality or creating backdoors for persistent access. The attack vector becomes particularly dangerous when considering that the vulnerability exists within the administrative interface, meaning that successful exploitation would grant the attacker elevated privileges within the system. This scenario aligns with ATT&CK technique T1566, which covers social engineering tactics that can lead to privilege escalation through exploitation of web application vulnerabilities.

Organizations using FrogCMS version 0.9.5 should prioritize immediate remediation through patching or implementing temporary mitigations such as adding CSRF tokens to the file manager operations. The vulnerability demonstrates the importance of implementing robust input validation and request origin verification mechanisms within administrative interfaces. Security teams should also conduct comprehensive audits of all administrative endpoints to identify similar CSRF vulnerabilities that may exist within the CMS or related plugins. Additional defensive measures could include implementing web application firewalls with CSRF detection capabilities and ensuring that all administrative functions require proper authentication tokens that are validated against known legitimate sessions.
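
One way to implement the token and request-origin checks recommended above, as an added example that is not FrogCMS code or a vendor patch. The function names, the `csrf_token` field name and the `https://cms.example` origin are assumptions.

```php
<?php
// Added example: hypothetical guard for a state-changing admin action such as
// the file manager rename handler. Not FrogCMS code; every name is an assumption.

/** Return the per-session anti-forgery token, creating it on first use. */
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

/** True when Origin (or, failing that, Referer) matches the site's own origin. */
function same_origin(array $server, string $expectedOrigin): bool
{
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    $p = parse_url($source);
    if (!is_array($p) || empty($p['scheme']) || empty($p['host'])) {
        return false; // header missing or unparsable: reject
    }
    // Browsers omit default ports in Origin, so $expectedOrigin should too.
    $port = isset($p['port']) ? ':' . $p['port'] : '';
    return strtolower($p['scheme'] . '://' . $p['host']) . $port === strtolower($expectedOrigin);
}

/** Gate for the rename action: POST only, same origin, valid session token. */
function rename_request_allowed(array $server, array $post, array &$session, string $expectedOrigin): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST' || !same_origin($server, $expectedOrigin)) {
        return false;
    }
    $sent = $post['csrf_token'] ?? '';
    // hash_equals compares in constant time, so the token is not leaked by timing.
    return is_string($sent) && hash_equals(csrf_token($session), $sent);
}

// Constructed sample requests (not captured traffic).
$session = [];
$token   = csrf_token($session);
$site    = 'https://cms.example';
$legit   = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://cms.example'];
$cross   = ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => 'https://other.example'];

var_dump(rename_request_allowed($legit, ['csrf_token' => $token], $session, $site)); // same origin, valid token
var_dump(rename_request_allowed($cross, ['csrf_token' => $token], $session, $site)); // foreign origin
var_dump(rename_request_allowed($legit, [], $session, $site));                       // token missing
```

In a real handler, emit `csrf_token($_SESSION)` as a hidden field in the rename form and call the gate with `$_SERVER`, `$_POST` and `$_SESSION` before the file operation runs.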

Responsible: MITRE
Reservation: 09/11/2024
Disclosure: 09/17/2024
Moderation: accepted
CPE: ready
EPSS: 0.00118
KEV: no
Activities: very low
