A vulnerability classified as problematic has been found in Thecosy IceCMS up to 3.4.7. Affected is the function
ChangeUser
of the file UserController.java of the component POST Request Handler. The manipulation of the argument username/password leads to improper access controls.
This vulnerability is traded as CVE-2024-46610. Access to the local network is required for this attack to succeed. There is no exploit available.