CVE-2024-46610
Published
CVSS v3
7.5
HIGH
CVSS v2
N/A
Affected
2
PROJECTS
Description
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java
🌈冰激凌内容管理系统🍦,实现MacWK资源站,社区图片视频圈子CMS,支持网页端移动端小程序🌟适合做 资讯商城,社区论坛,聊天交友 社区,博客,圈子,论坛,图片,视频,社交。
GitHub