Description

An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java.

PUBLISHED Reserved 2024-09-11 | Published 2024-09-24 | Updated 2024-09-24 | Assigner mitre

References

github.com/Thecosy/iceCMS?tab=readme-ov-file

github.com/...x0/LogLunax/blob/main/icecms/CVE-2024-46610.md

cve.org (CVE-2024-46610)

nvd.nist.gov (CVE-2024-46610)