| عنوان | lceCMS v 2.0.1 Horizontal Privilege Escalation |
|---|
| الوصف | IceCMS is a content management system based on Spring Boot+Vue front-end and back-end separation.
IceCMS v2.0.1 version has a level of unauthorized access, which is located in the area of personal information modification. Through a single ordinary user, multiple user information accounts and passwords can be modified. The backend code only determines identity based on userId, which is why the vulnerability arises |
|---|
| المصدر | ⚠️ http://x.x.x.x/yue/yue.html |
|---|
| المستخدم | zero121 (UID 59411) |
|---|
| ارسال | 04/12/2023 04:08 PM (3 سنوات منذ) |
|---|
| الاعتدال | 13/12/2023 08:40 AM (9 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 247888 [Thecosy IceCMS حتى 2.0.1 تجاوز الصلاحيات] |
|---|
| النقاط | 19 |
|---|