Sholway

**Name of the Vulnerable Software and Affected Versions** Thecosy IceCMS version 1.0.0 **Description** The issue allows a remote attacker to gain privileges. This is achieved via the `Id` and `key` parameters in the `getCosSetting` function. **Recommendations** For Thecosy IceCMS version 1.0.0, consider restricting access to the `getCosSetting` function until a patch is available. Avoid using the `Id` and `key` parameters in this function to minimize the risk of exploitation.