CVE-2024-28677 identifies a Cross-Site Request Forgery (CSRF) vulnerability in DedeCMS version 5.7, a popular content management system primarily used for website management. The vulnerability exists in the /dede/article_keywords_main.php endpoint, which handles article keyword management. CSRF vulnerabilities allow attackers to induce authenticated users to perform unwanted actions on a web application without their knowledge. In this case, an attacker could craft a malicious web page or link that, when visited by an authenticated DedeCMS user, triggers unauthorized changes to article keywords. The vulnerability has a CVSS 3.1 score of 6.1, reflecting a medium severity with network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), but requiring user interaction (UI:R). The scope is changed (S:C), indicating that the vulnerability affects resources beyond the initially vulnerable component. The impact affects confidentiality and integrity at a low level (C:L/I:L) but does not affect availability (A:N). No public exploits have been reported, and no official patches are currently available. The vulnerability is classified under CWE-352, which covers CSRF issues. This vulnerability could be exploited by attackers to manipulate website content or metadata, potentially undermining website integrity and user trust.

The primary impact of CVE-2024-28677 is unauthorized modification of article keywords within DedeCMS-managed websites, which can degrade data integrity and potentially expose sensitive metadata. While the confidentiality impact is low, attackers could leverage this to manipulate SEO-related content or mislead users by altering keywords. This could indirectly affect website reputation and search engine rankings. Since the vulnerability requires user interaction and an authenticated session, exploitation is limited to users with valid credentials, reducing the attack surface. However, if privileged users are targeted, the impact could be more significant. There is no direct impact on system availability, but persistent unauthorized changes could require administrative remediation efforts. Organizations relying on DedeCMS for content management, especially those with high web traffic or sensitive content, may face reputational damage and operational overhead. The absence of known exploits limits immediate risk, but the vulnerability remains a concern until patched.

To mitigate CVE-2024-28677, organizations should implement robust anti-CSRF protections such as synchronizer tokens or double-submit cookies on all state-changing requests, especially those involving article keyword management. Web application firewalls (WAFs) can be configured to detect and block suspicious CSRF patterns or anomalous requests to /dede/article_keywords_main.php. Administrators should enforce strict session management and consider reducing the number of users with privileges to modify article keywords. User education is critical to avoid clicking on untrusted links while authenticated to the CMS. Monitoring web server logs for unusual POST requests to the vulnerable endpoint can help detect attempted exploitation. Until an official patch is released, consider temporarily disabling or restricting access to the affected functionality if feasible. Regularly check for vendor updates and apply patches promptly once available. Additionally, implementing Content Security Policy (CSP) headers can help reduce the risk of CSRF by limiting the sources of executable scripts.