Headline
CVE-2023-42322
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.
[CVE-ID]
CVE-2023-42322
[CNVD-ID]
CNVD-2023-66769
[Description]
In iCMS v7.0.16, an attacker who obtains a session by some means can hijack that session of the website. The attacker can then perform operations on the website backend without logging in, such as deleting any files, comments, users, etc.
------------------------------------------
[Vulnerability Type]
Insecure Permissions
------------------------------------------
[Vendor of Product]
icmsdev
------------------------------------------
[Affected Product Code Base]
icms - V7.0.16
------------------------------------------
[Affected Component]
delete any files, comments, users, etc
------------------------------------------
[Attack Type]
Remote
------------------------------------------
[Impact Information Disclosure]
true
------------------------------------------
[Attack Vectors]
Hijacked cookies
------------------------------------------
[Reference]
https://www.icmsdev.com/
------------------------------------------
[Has vendor confirmed or acknowledged the vulnerability?]
true
------------------------------------------
[Discoverer]
chubby