iceCMS
cpe:2.3:a:icecms_project:icecms:*:*:*:*:*:*:*
- 2.2.0
An access control vulnerability has been identified in iceCMS version 2.2.0, specifically within the Square Comment API endpoint 'DelectSquareById'. This vulnerability allows unauthenticated attackers to access sensitive information by exploiting improper access controls, particularly in the content management features of the admin interface.
Exploitation of this vulnerability could lead to unauthorized access and deletion of user data.
To reproduce this vulnerability, send a GET request to the '/api/squareComment/DelectSquareById' endpoint, including the ID of the comment to be accessed. The request can be made without an authorization token: the endpoint does not enforce authentication, so the request is processed and allows access to sensitive information.