Enviar #247936: lceCMS lceCMS v 2.0.1 vertical overrideinformación

TítulolceCMS lceCMS v 2.0.1 vertical override
DescripciónIceCMS is a content management system based on Spring Boot+Vue front-end and back-end separation. IceCMS v2.0.1 has an unauthorized access level and is located in the Personal Information Modification area. Through the ordinary user, the administrator user's account, personal information and password can be modified, resulting in vertical override. The back-end code determines the identity based solely on the userId, which is how the vulnerability arises. It's very harmful.
Fuente⚠️ http://x.x.x.x/chui/1.html
Usuario
 zero121 (UID 59411)
Sumisión2023-12-05 16:25 (hace 3 años)
Moderación2023-12-13 08:40 (8 days later)
EstadoAceptado
Entrada de VulDB247889 [Thecosy IceCMS hasta 2.0.1 User Data escalada de privilegios]
Puntos20

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!