| 제목 | lceCMS lceCMS v 2.0.1 vertical override |
|---|
| 설명 | IceCMS is a content management system based on Spring Boot+Vue front-end and back-end separation.
IceCMS v2.0.1 has an unauthorized access level and is located in the Personal Information Modification area. Through the ordinary user, the administrator user's account, personal information and password can be modified, resulting in vertical override. The back-end code determines the identity based solely on the userId, which is how the vulnerability arises. It's very harmful. |
|---|
| 원천 | ⚠️ http://x.x.x.x/chui/1.html |
|---|
| 사용자 | zero121 (UID 59411) |
|---|
| 제출 | 2023. 12. 05. PM 04:25 (3 연령 ago) |
|---|
| 모더레이션 | 2023. 12. 13. AM 08:40 (8 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 247889 [Thecosy IceCMS 까지 2.0.1 User Data 권한 상승] |
|---|
| 포인트들 | 20 |
|---|