{content} v 2.0.1 Unauthorized modification of user information vulnerability정보

제목	lceCMS api:/squareComment/ChangeSquareById/{user id}/{content} v 2.0.1 Unauthorized modification of user information vulnerability
설명	IceCMS is a standalone content management system before Spring Boot + Vue. IceCMS v2.0.1 has a logical flaw, in the backend /adplanet/PlanetCommentList page, api:/squareComment/ChangeSquareById/{user id}/{content} is used to modify the content. Under normal circumstances, this API can only be accessed after logging in. Harm: Attackers can modify user information without logging in!
원천	⚠️ http://x.x.x.x:8082/IceCMS4.html
사용자	YuJiu (UID 59194)
제출	2023. 12. 03. PM 07:14 (3 연령 ago)
모더레이션	2023. 12. 13. AM 08:40 (10 days later)
상태	수락
VulDB 항목	247886 [Thecosy IceCMS 2.0.1 API PlanetCommentList 권한 상승]
포인트들	17

Do you know our Splunk app?

Download it now for free!