Yujiu

**Name of the Vulnerable Software and Affected Versions** Thecosy IceCMS version 2.0.1 **Description** A vulnerability was found in the Captcha Handler component of the /login file, leading to improper restriction of excessive authentication attempts. This issue can be exploited remotely. **Recommendations** For Thecosy IceCMS version 2.0.1, consider restricting access to the /login endpoint until a patch is available. As a temporary workaround, review and limit the authentication attempt functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Thecosy IceCMS version 2.0.1 **Description** A vulnerability was found in Thecosy IceCMS, affecting an unknown functionality of the file /adplanet/PlanetUser of the component API. This leads to information disclosure and can be exploited remotely. **Recommendations** For Thecosy IceCMS version 2.0.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /adplanet/PlanetUser API endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Thecosy IceCMS version 2.0.1 **Description** A critical issue affects some unknown functionality of the file /adplanet/PlanetCommentList of the component API, leading to improper access controls. The attack may be launched remotely. **Recommendations** For Thecosy IceCMS version 2.0.1, consider restricting access to the /adplanet/PlanetCommentList API endpoint until a patch is available. As a temporary workaround, review and limit the functionality of the affected API component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** IceCMS version 2.0.1 **Description** A vulnerability has been found in IceCMS, affecting an unknown function of the file /WebArticle/articles/ of the component Like Handler. This issue leads to improper enforcement of a single, unique action and can be exploited remotely. The exploit has been disclosed to the public. **Recommendations** For version 2.0.1, consider disabling the affected Like Handler component until a patch is available. Restrict access to the /WebArticle/articles/ file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.