{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-6467","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2023-12-01T16:42:41.193Z","datePublished":"2023-12-02T14:00:05.493Z","dateUpdated":"2024-08-02T08:28:21.869Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2023-12-02T14:00:05.493Z"},"title":"Thecosy IceCMS Comment Like improper enforcement of a single, unique action","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-837","lang":"en","description":"CWE-837 Improper Enforcement of a Single, Unique Action"}]}],"affected":[{"vendor":"Thecosy","product":"IceCMS","versions":[{"version":"2.0.1","status":"affected"}],"modules":["Comment Like Handler"]}],"descriptions":[{"lang":"en","value":"A vulnerability was found in Thecosy IceCMS 2.0.1. It has been rated as problematic. This issue affects some unknown processing of the file /Websquare/likeClickComment/ of the component Comment Like Handler. The manipulation leads to improper enforcement of a single, unique action. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The identifier VDB-246617 was assigned to this vulnerability."},{"lang":"de","value":"Eine Schwachstelle wurde in Thecosy IceCMS 2.0.1 ausgemacht. Sie wurde als problematisch eingestuft. Dies betrifft einen unbekannten Teil der Datei /Websquare/likeClickComment/ der Komponente Comment Like Handler. Durch Manipulieren mit unbekannten Daten kann eine improper enforcement of a single, unique action-Schwachstelle ausgenutzt werden. Der Angriff kann über das Netzwerk passieren. Die Komplexität eines Angriffs ist eher hoch. Die Ausnutzbarkeit gilt als schwierig. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV3_1":{"version":"3.1","baseScore":3.1,"vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV3_0":{"version":"3.0","baseScore":3.1,"vectorString":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","baseSeverity":"LOW"}},{"cvssV2_0":{"version":"2.0","baseScore":2.1,"vectorString":"AV:N/AC:H/Au:S/C:N/I:P/A:N"}}],"timeline":[{"time":"2023-12-01T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2023-12-01T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2023-12-01T17:47:59.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"zero121 (VulDB User)","type":"analyst"}],"references":[{"url":"https://vuldb.com/?id.246617","tags":["vdb-entry"]},{"url":"https://vuldb.com/?ctiid.246617","tags":["signature","permissions-required"]},{"url":"http://39.106.130.187/wenjian/2.html","tags":["exploit"]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T08:28:21.869Z"},"title":"CVE Program Container","references":[{"url":"https://vuldb.com/?id.246617","tags":["vdb-entry","x_transferred"]},{"url":"https://vuldb.com/?ctiid.246617","tags":["signature","permissions-required","x_transferred"]},{"url":"http://39.106.130.187/wenjian/2.html","tags":["exploit","x_transferred"]}]}]}}