Headline
CVE-2023-4704: Misconfiguration in message sending function in icms2
External Control of System or Configuration Setting in GitHub repository instantsoft/icms2 prior to 2.16.1-git.
Description
Web application misconfiguration in the messaging function. This vulnerability results in a user’s messages being automatically sent to all other users, which potentially exposes the user’s information.
Proof of Concept
Video PoC link: https://drive.google.com/file/d/1eXQXJAeIJ0KVWAKRUeBtvgNZzHW_3la_/view?usp=sharing
Steps
1. Log in to the admin account in the Chrome browser and log in to the demo account in another browser.
2. Using the demo account, send a message to the admin, then intercept the request with Burp Suite and send it to Burp Repeater for editing.
3. Change the contact_id value to 3, which is the id of the demo account, so that the demo account sends the message to itself.
4. After sending a message to itself, when the demo account then sends a message to a certain user, the system automatically sends the message to all users.
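As an added defensive illustration (not code from icms2 or from the reporter), the guard below models the server-side check a private-message endpoint needs when contact_id is client-controlled, together with a small audit over constructed outbox records that flags the fan-out symptom described above; the function and record names are hypothetical.

```python
# Added example, not icms2's own code: a server-side guard for a private-message
# endpoint whose contact_id parameter is client-controlled (it was edited in Burp
# Repeater in the PoC), plus an audit over a constructed outbox to spot fan-out.
from dataclasses import dataclass


class InvalidRecipient(ValueError):
    """Raised when the client-supplied contact_id must not be honoured."""


@dataclass(frozen=True)
class OutgoingMessage:
    sender_id: int
    recipient_ids: tuple  # exactly the users who receive it; never implicit


def resolve_recipients(sender_id, contact_id, known_user_ids):
    """Derive the recipient set only from a validated single contact.

    The parameter is re-parsed and checked against the sender and the user
    table instead of being trusted; a private message gets exactly one
    recipient and there is no path that widens it to every user.
    """
    try:
        target = int(contact_id)
    except (TypeError, ValueError):
        raise InvalidRecipient("contact_id is not an integer")
    if target == sender_id:
        # Self-addressed messages are the state the PoC creates in step 3.
        raise InvalidRecipient("sender may not address itself")
    if target not in known_user_ids:
        raise InvalidRecipient("unknown contact_id")
    return OutgoingMessage(sender_id=sender_id, recipient_ids=(target,))


def is_valid_contact(sender_id, contact_id, known_user_ids):
    """Boolean wrapper around resolve_recipients for request pre-validation."""
    try:
        resolve_recipients(sender_id, contact_id, known_user_ids)
    except InvalidRecipient:
        return False
    return True


def find_fanout(outbox, max_recipients=1):
    """Audit helper: return outbox rows delivered to more recipients than a
    private message should have, the symptom the advisory describes."""
    return [m for m in outbox if len(m.recipient_ids) > max_recipients]


# Constructed sample outbox: two normal messages and one that fanned out.
SAMPLE_OUTBOX = [
    OutgoingMessage(3, (1,)),
    OutgoingMessage(1, (3,)),
    OutgoingMessage(3, (1, 2, 4, 5)),  # constructed broadcast symptom
]
```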
Impact
This vulnerability results in a user’s messages being automatically sent to all other users, which potentially exposes the user’s information.