2024-09-24 00:00:00
mitre
PUBLISHED
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java