Icecms
CVE-2023-6757
MEDIUM
Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /adplanet/PlanetUser of the component API. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247885 was assigned to this vulnerability.
AnalysisAI
A vulnerability was found in Thecosy IceCMS 2.0.1. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. A vulnerability was found in Thecosy IceCMS 2.0.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /adplanet/PlanetUser of the component API. The manipulation leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247885 was assigned to this vulnerability. Affected products include: Thecosy Icecms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.
icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile. Rated critical severity (CVSS 9.8), this vu
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication
A vulnerability was found in Thecosy IceCMS 2.0.1. Rated critical severity (CVSS 9.8), this vulnerability is remotely ex
An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information
A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. Rated high severity
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values a
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including
An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticat
A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Rated high severity (CVSS 7.5), this v
IceCMS v1.0.0 has Insecure Permissions. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no a
IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF). Rated medium severity (CVSS 6.5), this vulnerability i
A vulnerability was found in Thecosy IceCMS 2.0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely expl
Same weakness CWE-200 – Information Exposure
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today