CVE-2023-6760

Thecosy IceCMS user session

  • Severity Score: 5.4 (CVSS v3.1)
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits: 1 (Multiple Sources)
  • Exploited in Wild: - (KEV)
  • Decision: - (SSVC)

Descriptions

A vulnerability classified as critical was found in Thecosy IceCMS up to 2.0.1. It affects unknown code. The manipulation leads to a weakness in the management of user sessions. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-247888.

A vulnerability was discovered in Thecosy IceCMS up to 2.0.1. It has been classified as critical. It concerns a function that is not known in more detail. Manipulation with unknown data can be used to exploit a manage user sessions vulnerability. The attack can be carried out over the network. The exploit is publicly available.

*Credits: zero121
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: Low
  • Availability: None

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: Low
  • Availability: Low

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial
* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2023-12-13 CVE Reserved
  • 2023-12-13 CVE Published
  • 2023-12-16 EPSS Updated
  • 2024-08-02 CVE Updated
  • 2024-08-02 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-1018: Manage User Sessions
CAPEC
References (2)
URL Tag Source
https://vuldb.com/?id.247888 Third Party Advisory
URL Date SRC
http://39.106.130.187/yue/yue.html 2024-08-02
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Thecosy Icecms 2.0.1 - Affected