| عنوان | lceCMS api:/square/GetAllSquareUser v 2.0.1 Unauthorized access to user information vulnerability |
|---|
| الوصف | IceCMS is a standalone content management system before Spring Boot + Vue. IceCMS v2.0.1 has a logical flaw, in the background /adplanet/PlanetUser page, api:/square/GetAllSquareUser is used to obtain user information. Under normal circumstances, this API can only be accessed after logging in. Harm: Attackers can obtain a large amount of user information, including sensitive information such as usernames, passwords, and email addresses, without logging in. |
|---|
| المصدر | ⚠️ http://x.x.x.x:8082/IceCMS3.html |
|---|
| المستخدم | YuJiu (UID 59194) |
|---|
| ارسال | 03/12/2023 06:51 PM (3 سنوات منذ) |
|---|
| الاعتدال | 13/12/2023 08:40 AM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 247885 [Thecosy IceCMS 2.0.1 API /adplanet/PlanetUser الكشف عن المعلومات] |
|---|
| النقاط | 17 |
|---|