Vulnerability Details : CVE-2023-6438
Potential exploit
A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /WebArticle/articles/ of the component Like Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-246438 is the identifier assigned to this vulnerability.
Products affected by CVE-2023-6438
- cpe:2.3:a:thecosy:icecms:2.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6438
0.10%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 42 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6438
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:N |
8.0
|
2.9
|
VulDB | |
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
2.8
|
1.4
|
VulDB | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L |
3.9
|
1.4
|
NIST |
CWE ids for CVE-2023-6438
-
The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction.Assigned by: cna@vuldb.com (Primary)
References for CVE-2023-6438
-
https://vuldb.com/?id.246438
CVE-2023-6438: IceCMS Like improper enforcement of a single, unique actionThird Party Advisory
-
http://124.71.147.32:8082
Exploit;Third Party Advisory
-
https://vuldb.com/?ctiid.246438
CVE-2023-6438: IceCMS Like improper enforcement of a single, unique actionThird Party Advisory
Jump to