CVE-2023-6756

CVSS 3.1 Score 9.8 of 10 (high)

Details

Published Dec 13, 2023

Updated: May 17, 2024

CWE ID 307

Summary

CVE-2023-6756 is a newly disclosed vulnerability affecting Thecosy IceCMS version 2.0.1. This issue, classified as problematic, lies within an unknown function in the Captcha Handler's /login file. An attacker can exploit this vulnerability by making excessive authentication attempts, which are not properly restricted. The exploit is remotely executable, meaning an attacker can target the affected system from a remote location. The vulnerability's details have been made public, increasing the risk of potential attacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tyeFh8
https://www.cve.org/CVERecord?id=CVE-2023-6756
https://nvd.nist.gov/vuln/detail/CVE-2023-6756

Back to Vulnerability Database

CVE-2023-6756

CVSS 3.1 Score 9.8 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations