CVE-2023-6467 LOW

CVE-2023-6467: Thecosy IceCMS Comment Like improper enforcement of a single, unique action

Vendor Thecosy
Product IceCMS
Weakness CWE-837
Published December 2, 2023
Last update August 2, 2024

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /Websquare/likeClickComment/ of the component Comment Like Handler. The manipulation leads to improper enforcement of a single, unique action. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-246617 was assigned to this vulnerability.

Key dates

02Disclosure timeline

December 2, 2023 CVE published
August 2, 2024 Record updated