PT-2023-32760 · Thecosy · Thecosy Icecms

Yujiu

Published

2023-12-13

Updated

2024-05-17

CVE-2023-6757

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Thecosy IceCMS version 2.0.1

Description A vulnerability was found in Thecosy IceCMS, affecting an unknown functionality of the file /adplanet/PlanetUser of the component API. This leads to information disclosure and can be exploited remotely.

Recommendations For Thecosy IceCMS version 2.0.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting access to the /adplanet/PlanetUser API endpoint to minimize the risk of exploitation.

Exploit

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2023-6757

Affected Products

Thecosy Icecms

PT-2023-32760 · Thecosy · Thecosy Icecms

CVE-2023-6757

Weakness Enumeration

Related Identifiers

Affected Products

References · 7