CVE-2024-34958

MEDIUM

idccms v1.35 - Cross-Site Request Forgery via admin/banner_deal.php?mudi=add

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-34958. PoCs published by Gr-1m.

AI-analyzed exploit summary The repository contains only a minimal README with no exploit code or technical details. It mentions CSRF PoCs for CVE-2024-34957 and CVE-2024-34958 but provides no functional content.

Description

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add

Exploits (1)

nomisec STUB

by Gr-1m · poc

https://github.com/Gr-1m/CVE-2024-34958

View Code ZIP pw:eip

The repository contains only a minimal README with no exploit code or technical details. It mentions CSRF PoCs for CVE-2024-34957 and CVE-2024-34958 but provides no functional content.

Classification

Stub 90%

Attack Type

Other

Complexity

Trivial

Reliability

Theoretical

Target: idccms (version unspecified)

No auth needed

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (1)

Core 1

Core References

Exploit, Third Party Advisory

https://github.com/Gr-1m/cms/blob/main/2.md

View Exploit ZIP pw:eip

Scores

CVSS v3 6.5

EPSS 0.0038

EPSS Percentile 29.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-352

Status published

Products (1)

idccms/idccms 1.35

Published May 16, 2024

Tracked Since Feb 18, 2026