| عنوان | lceCMS api:/squareComment/ChangeSquareById/{user id}/{content} v 2.0.1 Unauthorized modification of user information vulnerability |
|---|
| الوصف | IceCMS is a standalone content management system before Spring Boot + Vue. IceCMS v2.0.1 has a logical flaw, in the backend /adplanet/PlanetCommentList page, api:/squareComment/ChangeSquareById/{user id}/{content} is used to modify the content. Under normal circumstances, this API can only be accessed after logging in. Harm: Attackers can modify user information without logging in! |
|---|
| المصدر | ⚠️ http://x.x.x.x:8082/IceCMS4.html |
|---|
| المستخدم | YuJiu (UID 59194) |
|---|
| ارسال | 03/12/2023 07:14 PM (3 سنوات منذ) |
|---|
| الاعتدال | 13/12/2023 08:40 AM (10 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 247886 [Thecosy IceCMS 2.0.1 API PlanetCommentList تجاوز الصلاحيات] |
|---|
| النقاط | 17 |
|---|