Enviar #246751: lceCMS api:/squareComment/ChangeSquareById/{user id}/{content} v 2.0.1 Unauthorized modification of user information vulnerabilityinformación

TítulolceCMS api:/squareComment/ChangeSquareById/{user id}/{content} v 2.0.1 Unauthorized modification of user information vulnerability
DescripciónIceCMS is a standalone content management system before Spring Boot + Vue. IceCMS v2.0.1 has a logical flaw, in the backend /adplanet/PlanetCommentList page, api:/squareComment/ChangeSquareById/{user id}/{content} is used to modify the content. Under normal circumstances, this API can only be accessed after logging in. Harm: Attackers can modify user information without logging in!
Fuente⚠️ http://x.x.x.x:8082/IceCMS4.html
Usuario
 YuJiu (UID 59194)
Sumisión2023-12-03 19:14 (hace 3 años)
Moderación2023-12-13 08:40 (10 days later)
EstadoAceptado
Entrada de VulDB247886 [Thecosy IceCMS 2.0.1 API PlanetCommentList escalada de privilegios]
Puntos17

AnteriorVisión De ConjuntoPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!

n $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0'; } } ?>