CVE-2024-39119

MEDIUM

idccms v1.35 - Cross-Site Request Forgery via admin/info_deal.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-39119. PoCs published by phtcloud-dev.

AI-analyzed exploit summary: The repository contains a Python script that scans for CVE-2024-39199 by sending a POST request to '/web/ajax.php' with specific headers and data, checking for the presence of 'Error infos:' in the response to indicate vulnerability. It does not exploit the vulnerability but detects its presence.

Description

idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close.

Exploits (1)

github SCANNER
by phtcloud-dev · python · poc
https://github.com/phtcloud-dev/CVE-2024-39199

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: 10000CMS
No auth needed
Prerequisites: List of target URLs in 'url.txt'
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 5.4
EPSS 0.0020
EPSS Percentile 9.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE CWE-352
Status published
Products (1)
idccms/idccms 1.35
Published Jul 02, 2024
Tracked Since Feb 18, 2026