CVE-2024-46607

high

Description

Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.

References

https://github.com/Thecosy/iceCMS?tab=readme-ov-file

https://github.com/Lunax0/LogLunax/blob/main/icecms/CVE-2024-46607.md

http://icecms.com

Details

Source: Mitre, NVD

Published: 2024-09-25

Updated: 2025-04-28

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.6

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L

Severity: High

EPSS

EPSS: 0.00109

Detections

Analytics