A vulnerability was found in Thecosy IceCMS up to 3.4.7. It has been rated as critical. This issue affects the function
loginAdmin
of the file UserController.java. The manipulation of the argument username/password leads to improper access controls.
The identification of this vulnerability is CVE-2024-46607. Access to the local network is required for this attack. There is no exploit available.