4 matches found
CVE-2024-46610
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java...
CVE-2024-46610
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java...
CVE-2023-36100
An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser...
PT-2023-25429 · Icecms · Icecms
Name of the Vulnerable Software and Affected Versions: IceCMS version 2.0.1 Description: An issue was discovered in IceCMS, allowing attackers to escalate privileges and gain sensitive information via the UserID parameter in the "api/User/ChangeUser" endpoint. Recommendations: For IceCMS version...