CVE-2024-46610

An access control issue in IceCMS v3.4.7 and before allows attackers to arbitrarily modify users' information, including username and password, via a crafted POST request sent to the endpoint /User/ChangeUser/s in the ChangeUser function in UserController.java > MITRE Terms of Use apply – see LICENSE‑MITRE.txt