CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-46609

An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 23.5%

CVSS Severity

CVSS v3 Score 7.5

References

https://github.com/Lunax0/LogLunax/blob/main/icecms/CVE-2024-46609.md
https://github.com/Thecosy/iceCMS?tab=readme-ov-file

Products affected by CVE-2024-46609

Thecosy » Icecms » Version: 1.0.0

cpe:2.3:a:thecosy:icecms:1.0.0
Thecosy » Icecms » Version: 2.0.1

cpe:2.3:a:thecosy:icecms:2.0.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-46609

Products

Pricing

Contact Us