CVE-2024-29499 is a Cross-Site Request Forgery (CSRF) vulnerability identified in Anchor CMS version 0.12.7. The issue arises from insufficient protection against unauthorized state-changing requests on the /anchor/admin/users/delete/2 endpoint, which handles user deletion. CSRF vulnerabilities allow attackers to induce authenticated users, typically administrators, to perform unwanted actions without their consent by leveraging their active session. In this case, an attacker with low privileges can craft a malicious request that, when executed by an authenticated admin, results in the deletion of user accounts. The vulnerability has a CVSS 3.1 base score of 7.4, indicating high severity, with the vector string AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L. This means the attack can be performed remotely over the network with low attack complexity, requires low privileges, no user interaction, and affects confidentiality, integrity, and availability with a scope change. The vulnerability is categorized under CWE-352 (Cross-Site Request Forgery). No patches or known exploits are currently available, but the risk remains significant due to the potential impact on administrative user accounts and overall CMS security.

The exploitation of this CSRF vulnerability can lead to unauthorized deletion of user accounts within Anchor CMS installations, directly impacting the integrity and availability of user management functions. This can disrupt administrative operations, potentially lock out legitimate administrators, and degrade the overall security posture of affected websites. Confidentiality is also impacted as unauthorized actions could be leveraged to escalate privileges or remove audit trails. Organizations relying on Anchor CMS for content management may face service interruptions, loss of control over user accounts, and increased risk of further exploitation if administrative accounts are compromised or deleted. The vulnerability's ease of exploitation and lack of required user interaction increase the risk of automated or targeted attacks, especially in environments where administrators frequently access the CMS interface.

To mitigate this vulnerability, organizations should implement CSRF protections such as synchronizer tokens or double-submit cookies on all state-changing endpoints, especially the user deletion functionality. Immediate steps include restricting access to the /anchor/admin/users/delete/2 endpoint to trusted IPs or VPNs and enforcing strict session management and privilege separation to minimize the impact of compromised accounts. Administrators should avoid clicking on untrusted links while authenticated and monitor logs for suspicious deletion requests. Until an official patch is released, consider applying web application firewall (WAF) rules to detect and block suspicious CSRF patterns targeting Anchor CMS admin endpoints. Regular backups of user data and CMS configurations are essential to enable recovery from unauthorized deletions. Finally, keep Anchor CMS installations updated and subscribe to vendor advisories for timely patch deployment.