Vulnerability Details CVE-2024-46610
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 7.4%
CVSS Severity
CVSS v3 Score 7.5
References