CVE-2024-46607

Published: Sep 25, 2024Modified: Apr 28, 2025

7.6

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

Exploitability: 2.1 / Impact: 5.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.

Affected (1)

Products: Thecosy: Icecms

Thecosy

1 product

Icecms

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Thecosy Icecms	Up to 3.4.7

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (3)

http://icecms.com

Source: cve@mitre.org

Product

https://github.com/Lunax0/LogLunax/blob/main/icecms/CVE-2024-46607.md

Source: cve@mitre.org

ExploitThird Party Advisory

https://github.com/Thecosy/iceCMS?tab=readme-ov-file

Source: cve@mitre.org

Product

Timeline

No history available yet.