CVE-2023-6467

A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /Websquare/likeClickComment/ of the component Comment Like Handler. The manipulation leads to improper enforcement of a single, unique action. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-246617 was assigned to this vulnerability.

CVSS v3 3.7 LOW
CVSS v2.0 2.1 LOW

3.7^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact LOW

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:N/AC:H/Au:S/C:N/I:P/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector NETWORK

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://39.106.130.187/wenjian/2.html	Exploit Third Party Advisory
https://vuldb.com/?ctiid.246617	Permissions Required Third Party Advisory
https://vuldb.com/?id.246617	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:thecosy:icecms:2.0.1:*:*:*:*:*:*:*

History

06 Dec 2023, 20:33

Type	Values Removed	Values Added
References	~~() http://39.106.130.187/wenjian/2.html -~~	() http://39.106.130.187/wenjian/2.html - Exploit, Third Party Advisory
References	~~() https://vuldb.com/?ctiid.246617 -~~	() https://vuldb.com/?ctiid.246617 - Permissions Required, Third Party Advisory
References	~~() https://vuldb.com/?id.246617 -~~	() https://vuldb.com/?id.246617 - Third Party Advisory
CWE		NVD-CWE-Other
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 3.7
CPE		cpe:2.3:a:thecosy:icecms:2.0.1:::::::*

02 Dec 2023, 14:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-02 14:15

Updated : 2024-05-17 02:33

NVD link : CVE-2023-6467

Mitre link : CVE-2023-6467

CVE.ORG link : CVE-2023-6467

JSON object : View

Products Affected

thecosy

icecms

CWE

NVD-CWE-Other CWE-837

Improper Enforcement of a Single, Unique Action

{"id": "CVE-2023-6467", "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.2}, {"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.1, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.6}]}, "published": "2023-12-02T14:15:07.647", "references": [{"url": "http://39.106.130.187/wenjian/2.html", "tags": ["Exploit", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.246617", "tags": ["Permissions Required", "Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.246617", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}, {"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-837"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /Websquare/likeClickComment/ of the component Comment Like Handler. The manipulation leads to improper enforcement of a single, unique action. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-246617 was assigned to this vulnerability."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad en Thecosy IceCMS 2.0.1. Ha sido calificada como problem\u00e1tica. Este problema afecta un procesamiento desconocido del archivo /Websquare/likeClickComment/ del componente Comment Like Handler. La manipulaci\u00f3n conduce a la ejecuci\u00f3n inadecuada de una acci\u00f3n \u00fanica y \u00fanica. El ataque puede iniciarse de forma remota. La complejidad de un ataque es bastante alta. Se sabe que la explotaci\u00f3n es dif\u00edcil. El exploit ha sido divulgado al p\u00fablico y puede utilizarse. A esta vulnerabilidad se le asign\u00f3 el identificador VDB-246617."}], "lastModified": "2024-05-17T02:33:44.020", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:thecosy:icecms:2.0.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8BFA839-61F5-4B6F-9A53-5BF6F0DADF20"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}