CVE-2024-46610
- Reference to the description:
- Description:
- An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java
- Last updated date:
- 09/30/2024
- Type:
- exploit
- Confidence:
- HIGH
- Date of publishing:
- 09/30/2024
- Reference url to background
https://github.com/Lunax0/LogLunax/blob/main/icecms/CVE-2024-46610.md