CVE-2024-46607 | Thecosy IceCMS up to 3.4.7 UserController.java loginAdmin username/password access control

Posted by Angelo Barbosa | Sep 24, 2024 | CVE

A vulnerability was found in Thecosy IceCMS up to 3.4.7. It has been rated as critical. This issue affects the function loginAdmin of the file UserController.java. The manipulation of the argument username/password leads to improper access controls.

The identification of this vulnerability is CVE-2024-46607. Access to the local network is required for this attack. There is no exploit available.

CVE-2024-46607 | Thecosy IceCMS up to 3.4.7 UserController.java loginAdmin username/password access control

Related Posts

CVE-2023-5643 | Arm Bifrost GPU Kernel Driver up to r45p0 out-of-bounds write

CVE-2024-32350 | Totolink X5000R 9.1.0cu.2350_B20230313 cstecgi.cgi ipsecPsk improper authentication

CVE-2024-34660 | Samsung Notes 2.0.02.31/4.2.00.22/4.2.04.27/4.3.14.39/4.4.15 heap-based overflow

CVE-2024-36491 | Century Systems FutureNet WXR-250 os command injection