CVE-2023-6762

MEDIUM Year: 2023
CVSS v3 Score
4.3
Medium
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-275
View all →

Vulnerability Description

A vulnerability, which was classified as critical, was found in Thecosy IceCMS 2.0.1. Affected is an unknown function of the file /article/DelectArticleById/ of the component Article Handler. The manipulation leads to permission issues. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-247890 is the identifier assigned to this vulnerability.

Related Vulnerabilities

CVE-2013-4201

MEDIUM
CVSS:4.3(Medium)

Katello allows remote authenticated users to call the "system remove_deletion" CLI command via vectors related to "remove system" permissions.

CWE-2752013

CVE-2016-2406

MEDIUM
CVSS:4.3(Medium)

The permission control module in Huawei Document Security Management (aka DSM) before V100R002C05SPC670 allows remote authenticated users to obtain sensitive information from encrypted documents by le...

CWE-2752016

CVE-2016-4873

MEDIUM
CVSS:4.3(Medium)

Cybozu Office 9.0.0 to 10.4.0 allows remote authenticated attackers to execute unintended operations via the Project function.

CWE-2752016

CVE-2016-9461

MEDIUM
CVSS:4.3(Medium)

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying edit check permissions on WebDAV copy actions. The WebDAV endpoint was not properly checking the permission on ...

CWE-2752016

CVE-2016-9462

MEDIUM
CVSS:4.3(Medium)

Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are not properly verifying restore privileges when restoring a file. The restore capability of Nextcloud/ownCloud was not verifying whethe...

CWE-2752016

CVE-2017-0884

MEDIUM
CVSS:4.3(Medium)

Nextcloud Server before 9.0.55 and 10.0.2 suffers from a creation of folders in read-only folders despite lacking permissions issue. Due to a logical error in the file caching layer an authenticated a...

CWE-2752017