VYPR

IceCMS

by IceCMS

CVEs (10)

  • CVE-2024-48202CriOct 30, 2024
    risk 0.64cvss 9.8epss 0.01

    icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile.

  • CVE-2024-46612CriSep 25, 2024
    risk 0.64cvss 9.8epss 0.01

    IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.

  • CVE-2023-36100CriSep 1, 2023
    risk 0.64cvss 9.8epss 0.01

    An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser.

  • CVE-2025-22984HigJan 14, 2025
    risk 0.49cvss 7.5epss 0.00

    An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information.

  • CVE-2025-22983HigJan 14, 2025
    risk 0.49cvss 7.5epss 0.00

    An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information.

  • CVE-2024-46610HigSep 25, 2024
    risk 0.49cvss 7.5epss 0.00

    An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java

  • CVE-2024-46609HigSep 25, 2024
    risk 0.49cvss 7.5epss 0.01

    An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords

  • CVE-2024-46607HigSep 25, 2024
    risk 0.49cvss 7.6epss 0.00

    Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.

  • CVE-2023-33355HigMay 25, 2023
    risk 0.49cvss 7.5epss 0.01

    IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information.

  • CVE-2023-42188MedOct 27, 2023
    risk 0.42cvss 6.5epss 0.00

    IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).