CVE-2024-48191 in dingfanzuinfo

Summary

by MITRE • 10/28/2024

dingfanzu CMS 1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=delAdmin&id=17

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Analysis

by VulDB Data Team • 05/28/2025

The vulnerability identified as CVE-2024-48191 affects dingfanzu CMS version 1.0 and represents a critical Cross-Site Request Forgery flaw that allows unauthorized users to perform administrative actions on behalf of legitimate users. This vulnerability exists within the administrative component of the CMS system, specifically in the file /admin/doAdminAction.php which processes administrative actions through the act parameter. The particular endpoint vulnerable to CSRF attacks is the deletion of administrative accounts where the id parameter is used to identify which administrator to remove from the system.

The technical implementation of this CSRF vulnerability stems from the absence of proper anti-CSRF token validation within the administrative action processing mechanism. When an administrator navigates to the vulnerable page or when a malicious actor crafts a crafted request to /admin/doAdminAction.php?act=delAdmin&id=17, the system processes the request without verifying the authenticity of the request origin or the presence of a valid anti-CSRF token. This design flaw allows attackers to construct malicious web pages or exploit existing vulnerabilities to trick authenticated administrators into executing unintended administrative commands without their knowledge or consent.

The operational impact of this vulnerability is severe as it provides attackers with the capability to completely remove administrative accounts from the system, potentially leading to complete loss of administrative control over the CMS. An attacker could leverage this vulnerability to delete critical administrative users, effectively locking out legitimate administrators and rendering the system unusable. Additionally, the vulnerability could be extended to perform other administrative actions if similar implementation flaws exist within the same codebase, potentially allowing for complete system compromise through account deletion, privilege escalation, or data manipulation.

Security professionals should note that this vulnerability aligns with CWE-352, which specifically addresses Cross-Site Request Forgery weaknesses in software applications. The flaw also corresponds to ATT&CK technique T1548.003, which covers abuse of credentials and privilege escalation through administrative account manipulation. Organizations should immediately implement mitigation strategies including the addition of anti-CSRF tokens to all administrative actions, implementing proper request origin validation, and ensuring that all administrative interfaces require explicit authentication verification for each request. The vulnerability demonstrates the critical importance of input validation and authentication mechanisms in administrative interfaces, particularly when dealing with account management functions that can result in complete system compromise.

The vulnerability presents a significant risk to organizations relying on dingfanzu CMS 1.0 as it essentially allows for unauthorized administrative access through social engineering or by exploiting other vulnerabilities that might already exist within the application. Given that the vulnerability affects a core administrative function, the potential for data loss, system compromise, and unauthorized access is extremely high. System administrators should prioritize patching or implementing compensating controls as soon as possible to prevent exploitation of this CSRF vulnerability that could result in complete administrative control loss of the affected CMS installation.

Responsible

MITRE

Reservation

10/08/2024

Disclosure

10/28/2024

Moderation

accepted

CPE

ready

EPSS

0.00174

KEV

no

Activities

very low

Sources

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!