8.8

CVE-2023-6761

Exploit
A vulnerability, which was classified as problematic, has been found in Thecosy IceCMS up to 2.0.1. This issue affects some unknown processing of the component User Data Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-247889 was assigned to this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ThecosyIcecms Version2.0.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.12% 0.318
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
cna@vuldb.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
cna@vuldb.com 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://39.106.130.187/chui/1.html
Third Party Advisory
Exploit
https://vuldb.com/?ctiid.247889
Third Party Advisory
Permissions Required
https://vuldb.com/?id.247889
Third Party Advisory