Invia #247936: lceCMS lceCMS v 2.0.1 vertical overrideinformazioni

TitololceCMS lceCMS v 2.0.1 vertical override
DescrizioneIceCMS is a content management system based on Spring Boot+Vue front-end and back-end separation. IceCMS v2.0.1 has an unauthorized access level and is located in the Personal Information Modification area. Through the ordinary user, the administrator user's account, personal information and password can be modified, resulting in vertical override. The back-end code determines the identity based solely on the userId, which is how the vulnerability arises. It's very harmful.
Fonte⚠️ http://x.x.x.x/chui/1.html
Utente
 zero121 (UID 59411)
Sottomissione05/12/2023 16:25 (3 anni fa)
Moderazione13/12/2023 08:40 (8 days later)
StatoAccettato
Voce VulDB247889 [Thecosy IceCMS fino a 2.0.1 User Data escalationi di privilegi]
Punti20

PrecedenteVisione D'ensembleIl prossimo

Interested in the pricing of exploits?

See the underground prices here!