exploitDog

CVE-2024-46609

Опубликовано: 25 сент. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords

Ссылки

https://github.com/Lunax0/LogLunax/blob/main/icecms/CVE-2024-46609.md
Exploit
Third Party Advisory
https://github.com/Thecosy/iceCMS?tab=readme-ov-file
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:thecosy:icecms:*:*:*:*:*:*:*:*

Версия до 3.4.7 (включая)

EPSS

Процентиль: 43%

0.00207

Низкий

7.5 High

CVSS3

Дефекты

CWE-284

Связанные уязвимости

GHSA-wx2g-pjx5-v6r9

CVSS3: 7.3

github

больше 1 года назад

An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords

EPSS

Процентиль: 43%

0.00207

Низкий

7.5 High

CVSS3

Дефекты

CWE-284