CVE-2024-46610 | Thecosy IceCMS up to 3.4.7 POST Request UserController.java ChangeUser username/password access control

CVE-2024-46610 | Thecosy IceCMS up to 3.4.7 POST Request UserController.java ChangeUser username/password access control

A vulnerability classified as problematic has been found in Thecosy IceCMS up to 3.4.7. Affected is the function ChangeUser of the file UserController.java of the component POST Request Handler. The manipulation of the argument username/password leads to improper access controls. This vulnerability is traded as CVE-2024-46610. Access to the local network is required for this attack to succeed. There is no exploit available.