CVE-2024-46610 Information

Description

An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users’ information including username and password via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java

Reference

https://github.com/Thecosy/iceCMS?tab=readme-ov-file https://github.com/Lunax0/LogLunax/blob/main/icecms/CVE-2024-46610.md