Lunax0

4 exploits, active since Sep 2024
CVE-2024-46607 HIGH WRITEUP
IceCMS < 3.4.7 - Unauthenticated Authentication Bypass via LoginAdmin Method
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.
CVSS 7.6
CVE-2024-46609 HIGH WRITEUP
IceCMS < 3.4.7 - Unauthenticated Information Disclosure via CheckVip Function
An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access all user information, including passwords.
CVSS 7.5
CVE-2024-46610 HIGH WRITEUP
IceCMS < 3.4.7 - Unauthenticated Arbitrary User Information Modification via UserController ChangeUser Endpoint
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java.
CVSS 7.5
CVE-2024-48202 CRITICAL WRITEUP
icecms <= 3.4.7 - Unrestricted File Upload in FileUtils.java
icecms <= 3.4.7 has a file upload vulnerability in FileUtils.java, uploadFile.
CVSS 9.8