{content} v 2.0.1 Unauthorized modification of user information vulnerabilityinfo

Title	lceCMS api:/squareComment/ChangeSquareById/{user id}/{content} v 2.0.1 Unauthorized modification of user information vulnerability
Description	IceCMS is a standalone content management system before Spring Boot + Vue. IceCMS v2.0.1 has a logical flaw, in the backend /adplanet/PlanetCommentList page, api:/squareComment/ChangeSquareById/{user id}/{content} is used to modify the content. Under normal circumstances, this API can only be accessed after logging in. Harm: Attackers can modify user information without logging in!
Source	⚠️ http://x.x.x.x:8082/IceCMS4.html
User	YuJiu (UID 59194)
Submission	12/03/2023 19:14 (3 years ago)
Moderation	12/13/2023 08:40 (10 days later)
Status	Accepted
VulDB entry	247886 [Thecosy IceCMS 2.0.1 API PlanetCommentList access control]
Points	17

Interested in the pricing of exploits?

See the underground prices here!