Vulnerability Details : CVE-2023-6756
Potential exploit
A vulnerability was found in Thecosy IceCMS 2.0.1. It has been classified as problematic. Affected is an unknown function of the file /login of the component Captcha Handler. The manipulation leads to improper restriction of excessive authentication attempts. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247884.
Products affected by CVE-2023-6756
- cpe:2.3:a:thecosy:icecms:2.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6756
- 0.17%: Probability of exploitation activity in the next 30 days
- ~36%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6756
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | VulDB | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | VulDB | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
CWE ids for CVE-2023-6756
- The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame. Assigned by: cna@vuldb.com (Primary)
References for CVE-2023-6756
- https://vuldb.com/?id.247884
  CVE-2023-6756: Thecosy IceCMS Captcha login excessive authentication (Third Party Advisory)
- https://vuldb.com/?ctiid.247884
  CVE-2023-6756: Thecosy IceCMS Captcha login excessive authentication (Third Party Advisory)
- http://124.71.147.32:8082/IceCMS2.html
  (Exploit; Third Party Advisory)