2 matches found
PT-2024-32075 · Icecms · Icecms
Name of the Vulnerable Software and Affected Versions: IceCMS versions 3.4.7 and earlier Description: The issue allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint "/User/ChangeUser/s" in the ChangeUser functi...
IceCMS Security Vulnerability
IceCMS is a content management system based on Spring Boot + Vue front-end and back-end separation of NgShow individual developers. A security vulnerability exists in IceCMS version 2.0.1 that allows an attacker to elevate privileges and obtain sensitive information via the UserID parameter in...