
CVE-2022-44849: n/a in n/a

High
Tags: Vulnerability, CVE-2022-44849, CWE-352
Published: Wed Dec 07 2022 (12/07/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: n/a
Product: n/a

Description

A Cross-Site Request Forgery (CSRF) in the Administrator List of MetInfo v7.7 allows attackers to arbitrarily add Super Administrator account.

AI-Powered Analysis

AI analysis last updated: 06/21/2025, 17:40:28 UTC

Technical Analysis

CVE-2022-44849 is a high-severity Cross-Site Request Forgery (CSRF) vulnerability affecting the Administrator List functionality in MetInfo version 7.7. MetInfo is a content management system (CMS) used for website management. Because the administrator-management requests are not protected against forgery, an attacker can craft a request that, when submitted by the browser of an authenticated administrator, adds a new Super Administrator account without the victim's consent or knowledge. The attack requires the victim to be logged in and to visit a malicious webpage or follow a malicious link that triggers the forged request. The vulnerability impacts confidentiality, integrity, and availability, since an attacker who gains Super Administrator privileges can fully control the affected system, including modifying or deleting data, installing backdoors, or disrupting services. The CVSS 3.1 base score is 8.8 (high): attack vector network (remote exploitation), low attack complexity, no privileges required, user interaction required, and scope unchanged, meaning the impact is confined to the vulnerable component. No known exploits in the wild have been reported, and no official patches or vendor advisories are currently available. The vulnerability is classified under CWE-352 (Cross-Site Request Forgery), the failure to verify that a state-changing request was intentionally issued by the user, a common web security flaw.

Potential Impact

For European organizations using MetInfo CMS version 7.7, this vulnerability poses a significant risk. Successful exploitation leads to unauthorized creation of Super Administrator accounts, granting attackers full administrative control over the CMS. This can result in data breaches, defacement of websites, insertion of malicious content or malware, and disruption of business operations. Organizations in sectors such as government, finance, healthcare, and e-commerce are particularly exposed because of the sensitivity of their data and the importance of their online presence. Compromise of administrative accounts can also facilitate lateral movement within internal networks, increasing the overall risk profile. Given the high CVSS score and the potential for complete system compromise, the impact on confidentiality, integrity, and availability is severe. The absence of a patch lengthens the window of exposure, inviting targeted attacks or opportunistic exploitation once proof-of-concept code becomes available.

Mitigation Recommendations

1. Immediate mitigation should focus on implementing anti-CSRF tokens or other request validation mechanisms to ensure that all administrative actions require legitimate user interaction and cannot be forged by third-party sites.
2. Restrict access to the MetInfo administrative interface by IP whitelisting or VPN access to reduce exposure to remote attackers.
3. Enforce multi-factor authentication (MFA) for all administrator accounts to limit the impact of unauthorized account creation.
4. Monitor web server and application logs for unusual administrative account creation activity or suspicious HTTP requests indicative of CSRF attempts.
5. Conduct regular security audits and penetration testing focusing on web application vulnerabilities, including CSRF.
6. If possible, isolate the CMS environment from other critical infrastructure to contain potential breaches.
7. Stay alert for official patches or updates from MetInfo developers and apply them promptly once available.
8. Educate administrators about the risks of clicking on untrusted links or visiting suspicious websites while logged into the CMS.
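The following is an added example, not MetInfo's code, of what recommendation 1 looks like for an "add administrator" endpoint: a per-session synchronizer token verified with a constant-time comparison, plus an Origin/Referer check as defence in depth. The handler, the `SITE_ORIGIN` value and the request dictionary shape are hypothetical, and the server secret is a constructed placeholder.

```python
import hashlib
import hmac
import secrets

# Constructed placeholder; a real deployment loads this from protected configuration.
SERVER_SECRET = b"example-server-secret-do-not-reuse"
# Hypothetical origin of the CMS admin interface.
SITE_ORIGIN = "https://cms.example"


def issue_csrf_token(session_id: str) -> str:
    """Return a token bound to this session: random nonce + HMAC over (session, nonce)."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def csrf_token_valid(session_id: str, token: str) -> bool:
    """Recompute the HMAC for the presented nonce and compare in constant time."""
    try:
        nonce, mac = token.split(".", 1)
    except (ValueError, AttributeError):
        return False
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, mac)


def origin_allowed(headers: dict) -> bool:
    """Secondary check: a cross-site form post carries a foreign Origin (or Referer)."""
    origin = headers.get("Origin")
    if origin is not None:
        return origin == SITE_ORIGIN
    referer = headers.get("Referer")
    if referer is not None:
        return referer.startswith(SITE_ORIGIN + "/")
    return False  # neither header present: refuse the state-changing request


def handle_add_admin(request: dict, admins: list) -> tuple:
    """Hypothetical handler. request = {'method', 'session_id', 'headers', 'form'}."""
    if request["method"] != "POST":
        return 405, "method not allowed"
    if not origin_allowed(request["headers"]):
        return 403, "cross-site request rejected (origin)"
    if not csrf_token_valid(request["session_id"], request["form"].get("csrf_token", "")):
        return 403, "cross-site request rejected (token)"
    admins.append(request["form"]["username"])
    return 200, "administrator added"
```

The token must be embedded in the admin form by the server and is never readable from a third-party page, so a forged request either lacks it or carries one for the wrong session and is refused before any account is created.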


Technical Details

Data Version: 5.1
Assigner Short Name: mitre
Date Reserved: 2022-11-07T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9847c4522896dcbf5b73

Added to database: 5/21/2025, 9:09:27 AM

Last enriched: 6/21/2025, 5:40:28 PM

Last updated: 7/30/2025, 5:25:19 PM
