Vulnerabilities > CVE-2024-46610 - Unspecified vulnerability in Thecosy Icecms 1.0.0/2.0.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |