2.0.1

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

thecosy

NVD

Published: 2024-09-25

Updated: 2024-09-30

Summary

An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java

Vulnerable Configurations

Part	Description	Count
Application	Thecosy Thecosy Icecms 1.0.0 Thecosy Icecms 2.0.1	2

References

https://github.com/Thecosy/iceCMS?tab=readme-ov-file
https://github.com/Lunax0/LogLunax/blob/main/icecms/CVE-2024-46610.md