IceCMS
Products
1- 10 CVEs
Recent CVEs
10| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-48202 | Cri | 0.64 | 9.8 | 0.01 | Oct 30, 2024 | icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile. | ||
| CVE-2024-46612 | Cri | 0.64 | 9.8 | 0.01 | Sep 25, 2024 | IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information. | ||
| CVE-2023-36100 | Cri | 0.64 | 9.8 | 0.01 | Sep 1, 2023 | An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser. | ||
| CVE-2025-22984 | Hig | 0.49 | 7.5 | 0.00 | Jan 14, 2025 | An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. | ||
| CVE-2025-22983 | Hig | 0.49 | 7.5 | 0.00 | Jan 14, 2025 | An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information. | ||
| CVE-2024-46610 | Hig | 0.49 | 7.5 | 0.00 | Sep 25, 2024 | An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java | ||
| CVE-2024-46609 | Hig | 0.49 | 7.5 | 0.01 | Sep 25, 2024 | An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords | ||
| CVE-2024-46607 | Hig | 0.49 | 7.6 | 0.00 | Sep 25, 2024 | Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file. | ||
| CVE-2023-33355 | Hig | 0.49 | 7.5 | 0.01 | May 25, 2023 | IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information. | ||
| CVE-2023-42188 | Med | 0.42 | 6.5 | 0.00 | Oct 27, 2023 | IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF). |
- risk 0.64cvss 9.8epss 0.01
icecms <=3.4.7 has a File Upload vulnerability in FileUtils.java,uploadFile.
- risk 0.64cvss 9.8epss 0.01
IceCMS v3.4.7 and before was discovered to contain a hardcoded JWT key, allowing an attacker to forge JWT authentication information.
- risk 0.64cvss 9.8epss 0.01
An issue was discovered in IceCMS version 2.0.1, allows attackers to escalate privileges and gain sensitive information via UserID parameter in api/User/ChangeUser.
- risk 0.49cvss 7.5epss 0.00
An access control issue in the component /api/squareComment/DelectSquareById of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information.
- risk 0.49cvss 7.5epss 0.00
An access control issue in the component /square/getAllSquare/circle of iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information.
- risk 0.49cvss 7.5epss 0.00
An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java
- risk 0.49cvss 7.5epss 0.01
An access control issue in the CheckVip function in UserController.java of IceCMS v3.4.7 and before allows unauthenticated attackers to access and returns all user information, including passwords
- risk 0.49cvss 7.6epss 0.00
Incorrect access control in IceCMS v3.4.7 and before allows attackers to authenticate by entering any arbitrary values as the username and password via the loginAdmin method in the UserController.java file.
- risk 0.49cvss 7.5epss 0.01
IceCMS v1.0.0 has Insecure Permissions. There is unauthorized access to the API, resulting in the disclosure of sensitive information.
- risk 0.42cvss 6.5epss 0.00
IceCMS v2.0.1 is vulnerable to Cross Site Request Forgery (CSRF).