Skip to main content

Icecms CVE-2023-6438

MEDIUM
Improper Enforcement of a Single, Unique Action (CWE-837)
2023-11-30 cna@vuldb.com
5.3
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.3 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
Low

Lifecycle Timeline

1
CVE Published
Nov 30, 2023 - 17:15 nvd
MEDIUM 5.3

DescriptionNVD

A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246438 is the identifier assigned to this vulnerability.

AnalysisAI

A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-837. A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246438 is the identifier assigned to this vulnerability. Affected products include: Thecosy Icecms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Icecms

View all
CVE-2024-48202 CRITICAL POC
9.8 Oct 30

icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile. Rated critical severity (CVSS 9.8), this vu

CVE-2024-46612 CRITICAL POC
9.8 Sep 25

IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication

CVE-2023-6756 CRITICAL POC
9.8 Dec 13

A vulnerability was found in Thecosy IceCMS 2.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely ex

CVE-2023-36100 CRITICAL POC
9.8 Sep 01

An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information

CVE-2023-6761 HIGH POC
8.8 Dec 13

A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. Rated high severity

CVE-2024-46607 HIGH POC
7.6 Sep 25

Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values a

CVE-2024-46610 HIGH POC
7.5 Sep 25

An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including

CVE-2024-46609 HIGH POC
7.5 Sep 25

An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticat

CVE-2023-6759 HIGH POC
7.5 Dec 13

A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Rated high severity (CVSS 7.5), this v

CVE-2023-33355 HIGH POC
7.5 May 25

IceCMS v1.0.0 has Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a

CVE-2023-6757 MEDIUM POC
6.5 Dec 13

A vulnerability was found in Thecosy IceCMS 2.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely expl

CVE-2023-42188 MEDIUM POC
6.5 Oct 27

IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability i

Share

CVE-2023-6438 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy