CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-46607

Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 11.3%

CVSS Severity

CVSS v3 Score 7.6

References

http://icecms.com
https://github.com/Lunax0/LogLunax/blob/main/icecms/CVE-2024-46607.md
https://github.com/Thecosy/iceCMS?tab=readme-ov-file

Products affected by CVE-2024-46607

Thecosy » Icecms » Version: 1.0.0

cpe:2.3:a:thecosy:icecms:1.0.0
Thecosy » Icecms » Version: 2.0.1

cpe:2.3:a:thecosy:icecms:2.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-46607

Products

Pricing

Contact Us