3 matches found
CVE-2024-46607
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file...
CVE-2024-46607
IceCMS up to v3.4.7 is affected by an authentication bypass in the loginAdmin path of UserController.java, allowing login with arbitrary username and password and resulting in unauthorized access. The CVSS v3.1 base score is 7.6 (High): Network attack, low complexity, low privileges required, use...
CVE-2024-46607
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file...