Skip to main content
CVE Vulnerability Database

CVE-2024-0414: Csdeshang Dscms Auth Bypass Vulnerability

CVE-2024-0414 is an authentication bypass flaw in Csdeshang Dscms affecting versions up to 3.1.2/7.1 through improper access controls in install.php. This article covers technical details, affected versions, impact, and mitigation strategies.

Updated:

CVE-2024-0414 Overview

CVE-2024-0414 is an improper access control vulnerability in DeShang DSCMS versions up to 3.1.2/7.1. The flaw resides in an unknown function within the public/install.php file. Remote attackers can manipulate the installation endpoint without authentication to bypass access restrictions. The exploit has been publicly disclosed, increasing the likelihood of opportunistic attacks against exposed instances. The vulnerability is tracked in the VulDB database as identifier VDB-250434 and is categorized under [CWE-284: Improper Access Control].

Critical Impact

Unauthenticated remote attackers can interact with the installation script to compromise confidentiality, integrity, and availability of DSCMS deployments.

Affected Products

  • DeShang DSCMS versions up to and including 3.1.2
  • DeShang DSCMS 7.0
  • DeShang DSCMS 7.1

Discovery Timeline

  • 2024-01-11 - CVE-2024-0414 published to NVD
  • 2024-11-21 - Last updated in NVD database

Technical Details for CVE-2024-0414

Vulnerability Analysis

The vulnerability stems from improper access control on the public/install.php script bundled with DeShang DSCMS. The installer remains reachable over the network after deployment without enforcing authentication or installation-state checks. Attackers can interact with installation logic on production systems, which typically permits reconfiguration of database connections, administrative credentials, and core application settings. Because the issue affects a content management system reachable from the public internet, exploitation does not require user interaction or prior credentials.

Root Cause

The root cause is missing authorization enforcement on the installation entry point. Web installers are intended to run once during initial setup and should be disabled, removed, or gated by a lock file once installation completes. In DSCMS releases up to 3.1.2 and the 7.x branch through 7.1, the application fails to verify that installation has already concluded before processing requests to install.php. The result is a [CWE-284] access control failure exposing administrative functionality to anonymous users.

Attack Vector

The attack vector is network-based and requires no authentication or user interaction. An attacker sends crafted HTTP requests directly to the public/install.php endpoint of an exposed DSCMS instance. Successful manipulation of installation parameters can allow an adversary to overwrite configuration, point the application at an attacker-controlled database, or seed administrator credentials. Public disclosure of the exploit details on the Zhao Jin technical write-up and the VulDB advisory lowers the barrier to weaponization.

Detection Methods for CVE-2024-0414

Indicators of Compromise

  • HTTP requests to /public/install.php or /install.php on DSCMS hosts after the application has been initialized
  • Unexpected modifications to DSCMS configuration files, database connection strings, or administrator account records
  • New administrator accounts or session tokens appearing without a corresponding legitimate provisioning event
  • Outbound connections from the web server to unknown database hosts following install-endpoint access

Detection Strategies

  • Review web server access logs for any requests to install.php originating from external IP addresses
  • Compare deployed file hashes against a known-good DSCMS release to identify tampered installer or configuration files
  • Alert on POST requests to installation endpoints on production hosts where installation should already be complete

Monitoring Recommendations

  • Forward DSCMS web server logs to a centralized logging platform and create rules for accesses to setup or install scripts
  • Monitor file integrity on the DSCMS application directory, with priority on public/install.php and configuration files
  • Track administrative account creation and privilege changes in the DSCMS database and alert on out-of-band events

How to Mitigate CVE-2024-0414

Immediate Actions Required

  • Remove, rename, or restrict network access to public/install.php on all production DSCMS deployments
  • Block external access to installation paths at the web server, reverse proxy, or web application firewall layer
  • Audit DSCMS administrator accounts, database configuration, and recent file changes for signs of tampering
  • Rotate administrator credentials and any database credentials referenced by DSCMS configuration

Patch Information

No vendor advisory or fixed version is listed in the available references for CVE-2024-0414. Operators should consult the VulDB entry and the Zhao Jin technical write-up for current remediation guidance, and contact the DeShang DSCMS vendor for an official fixed release.

Workarounds

  • Delete public/install.php from the web root once installation has been completed successfully
  • Restrict access to the installer using web server access control lists scoped to trusted administrative IP addresses
  • Deploy a WAF rule that returns HTTP 403 for any external request matching the installation endpoint path
  • Place the DSCMS administrative surface behind a VPN or authenticated reverse proxy to remove direct internet exposure

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.