CVE-2023-6761
MEDIUMIceCMS <= 2.0.1 - Improper Access Control in User Data Handler
Title source: llmDescription
A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. This issue affects some unknown processing of the component User Data Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247889 was assigned to this vulnerability.
References (3)
Core 3
Core References
Third Party Advisory vdb-entry
https://vuldb.com/?id.247889
Permissions Required, Third Party Advisory signature
permissions-required
https://vuldb.com/?ctiid.247889
Exploit, Third Party Advisory exploit
http://39.106.130.187/chui/1.html
Scores
CVSS v3
4.3
EPSS
0.0079
EPSS Percentile
51.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Details
CWE
CWE-284
Status
published
Products (1)
thecosy/icecms
2.0.1
Published
Dec 13, 2023
Tracked Since
Feb 18, 2026