Vulnerability Details : CVE-2023-6759
Potential exploit
A vulnerability classified as problematic has been found in Thecosy IceCMS 2.0.1. This affects an unknown part of the file /WebResource/resource of the component Love Handler. The manipulation leads to improper enforcement of a single, unique action. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-247887.
Products affected by CVE-2023-6759
- cpe:2.3:a:thecosy:icecms:2.0.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-6759
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 41 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-6759
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N |
10.0
|
2.9
|
VulDB | |
5.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N |
3.9
|
1.4
|
VulDB | |
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
3.9
|
3.6
|
NIST |
CWE ids for CVE-2023-6759
-
The product requires that an actor should only be able to perform an action once, or to have only one unique action, but the product does not enforce or improperly enforces this restriction.Assigned by: cna@vuldb.com (Secondary)
References for CVE-2023-6759
-
https://vuldb.com/?id.247887
CVE-2023-6759: Thecosy IceCMS Love resource improper enforcement of a single, unique actionThird Party Advisory
-
https://vuldb.com/?ctiid.247887
Login requiredPermissions Required;Third Party Advisory
-
http://39.106.130.187/Icecms.html
Exploit;Third Party Advisory
Jump to