Invia #246751: lceCMS api:/squareComment/ChangeSquareById/{user id}/{content} v 2.0.1 Unauthorized modification of user information vulnerabilityinformazioni

TitololceCMS api:/squareComment/ChangeSquareById/{user id}/{content} v 2.0.1 Unauthorized modification of user information vulnerability
DescrizioneIceCMS is a standalone content management system before Spring Boot + Vue. IceCMS v2.0.1 has a logical flaw, in the backend /adplanet/PlanetCommentList page, api:/squareComment/ChangeSquareById/{user id}/{content} is used to modify the content. Under normal circumstances, this API can only be accessed after logging in. Harm: Attackers can modify user information without logging in!
Fonte⚠️ http://x.x.x.x:8082/IceCMS4.html
Utente
 YuJiu (UID 59194)
Sottomissione03/12/2023 19:14 (3 anni fa)
Moderazione13/12/2023 08:40 (10 days later)
StatoAccettato
Voce VulDB247886 [Thecosy IceCMS 2.0.1 API PlanetCommentList escalationi di privilegi]
Punti17

PrecedenteVisione D'ensembleIl prossimo

Do you need the next level of professionalism?

Upgrade your account now!