CVE-2020-24739: CSRF
First published: Thu Sep 10 2020(Updated: )
A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| idreamsoft iCMS | =7.0.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this CSRF vulnerability in iCMS v7.0.0?
The vulnerability ID is CVE-2020-24739.
What is the severity of CVE-2020-24739?
CVE-2020-24739 has a severity rating of 6.5 (medium).
In which version of iCMS was the CSRF vulnerability found?
The CSRF vulnerability was found in iCMS v7.0.0.
How does the CSRF vulnerability in iCMS v7.0.0 impact administrators?
If the CSRF_TOKEN is missing, an attacker can still delete all administrators except the initial one.
Is there a fix available for the CSRF vulnerability in iCMS v7.0.0?
Currently, there is no information available regarding a fix for the CSRF vulnerability in iCMS v7.0.0.
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/tags
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/idreamsoft
- canonical/idreamsoft icms
- version/idreamsoft icms/7.0.0