Lunax0

4 exploits, active since Sep 2024
CVE-2024-46607 HIGH WRITEUP
Thecosy Icecms < 3.4.7 - Improper Access Control
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.
CVSS 7.6
CVE-2024-46609 HIGH WRITEUP
Thecosy Icecms < 3.4.7 - Improper Access Control
An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access all user information, including passwords.
CVSS 7.5
CVE-2024-46610 HIGH WRITEUP
Thecosy Icecms < 3.4.7 - Improper Access Control
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java.
CVSS 7.5
CVE-2024-48202 CRITICAL WRITEUP
Thecosy Icecms < 3.4.7 - Unrestricted File Upload
IceCMS <= 3.4.7 has a file upload vulnerability in FileUtils.java, uploadFile.
CVSS 9.8