Security Advisory

CVE-2024-46610

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-09-24 00:00:00

Last updated 2024-09-24 20:12:52

Assigner mitre

State PUBLISHED

Description

An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java

← Browse all CVEs View on cve.org ↗