ГлавнаяУязвимости → CVE-2024-46610
7.5высокая

CVE-2024-46610

Описание

An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java

Затрагиваемое ПО
Thecosy Icecms
CVSS
Балл7.5 — высокая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Источники
https://github.com/Lunax0/LogLunax/blob/main/icecms/CVE-2024-46610.mdhttps://github.com/Thecosy/iceCMS?tab=readme-ov-file