GetAllSquareUser v 2.0.1 Unauthorized access to user information vulnerabilitythông tin

tiêu đề	lceCMS api:/square/GetAllSquareUser v 2.0.1 Unauthorized access to user information vulnerability
Mô tả	IceCMS is a standalone content management system before Spring Boot + Vue. IceCMS v2.0.1 has a logical flaw, in the background /adplanet/PlanetUser page, api:/square/GetAllSquareUser is used to obtain user information. Under normal circumstances, this API can only be accessed after logging in. Harm: Attackers can obtain a large amount of user information, including sensitive information such as usernames, passwords, and email addresses, without logging in.
Nguồn	⚠️ http://x.x.x.x:8082/IceCMS3.html
Người dùng	YuJiu (UID 59194)
Đệ trình	03/12/2023 18:51 (cách đây 3 những năm)
Kiểm duyệt	13/12/2023 08:40 (10 days later)
Trạng thái	được chấp nhận
Mục VulDB	247885 [Thecosy IceCMS 2.0.1 API /adplanet/PlanetUser tiết lộ thông tin]
điểm	17

Do you want to use VulDB in your project?

Use the official API to access entries easily!