📦 Icecms

IceCMS v3.4.7 and earlier contain a hardcoded JWT secret key, allowing attackers to forge authentication tokens and gain unauthorized access. This affects all deployments using vulnerable versions of ...

An access control vulnerability in iceCMS v2.2.0 allows unauthenticated attackers to access sensitive information via the /square/getAllSquare/circle endpoint. This affects all deployments of iceCMS v...

An unauthenticated access control vulnerability in iceCMS v2.2.0 allows attackers to access sensitive information via the /api/squareComment/DelectSquareById endpoint. This affects all deployments run...

This vulnerability allows attackers to bypass authentication in IceCMS by entering any arbitrary values as username and password in the admin login endpoint. Any organization using IceCMS v3.4.7 or ea...

An access control vulnerability in IceCMS v3.4.7 and earlier allows attackers to modify any user's information, including usernames and passwords, without proper authorization. This affects all IceCMS...