CVE-2024-46610 | Thecosy IceCMS up to 3.4.7 POST Request UserController.java ChangeUser username/password access control

Posted by Angelo Barbosa | Sep 24, 2024 | CVE

A vulnerability classified as problematic has been found in Thecosy IceCMS up to 3.4.7. Affected is the function ChangeUser of the file UserController.java of the component POST Request Handler. The manipulation of the argument username/password leads to improper access controls.

This vulnerability is traded as CVE-2024-46610. Access to the local network is required for this attack to succeed. There is no exploit available.

CVE-2024-46610 | Thecosy IceCMS up to 3.4.7 POST Request UserController.java ChangeUser username/password access control

Related Posts

CVE-2024-3204 | c-blosc2 up to 2.13.2 ndlz4x4.c ndlz4_decompress heap-based overflow

CVE-2022-48920 | Linux Kernel up to 5.15.26/5.16.12 fs/fs-writeback.c __writeback_inodes_sb_nr deadlock (850a77c999b8/e4d044dbffcd/a0f0cf8341e3)

CVE-2024-6400 | Finrota Netahsilat up to 1.21.09/1.23.00/1.23.07/1.23.10/1.24.02 cleartext storage

CVE-2024-38302 | Dell Data Lakehouse 1.0.0.0 DDAE missing encryption (dsa-2024-303)