Icmsdev

icmsdev

18 CVEs • 1 product

Products (1)

Click to collapse

Toggle

CVEs (18)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-42322 1Icmsdev 1Icms Nov 21, 2024 Sep 20, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.
CVE-2023-42321 1Icmsdev 1Icms Nov 21, 2024 Sep 20, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.
CVE-2019-14976 1Icmsdev 1Icms Nov 21, 2024 Aug 12, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter.
CVE-2019-6259 1Icmsdev 1Icms Nov 21, 2024 Jan 14, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
CVE-2018-18702 1Icmsdev 1Icms Nov 21, 2024 Oct 29, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
CVE-2018-16314 1Icmsdev 1Icms Nov 21, 2024 Sep 1, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this...Show more An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.Show less
CVE-2018-15895 1Icmsdev 1Icms Nov 21, 2024 Aug 27, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstra...Show more An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858.Show less
CVE-2018-14858 1Icmsdev 1Icms Nov 21, 2024 Aug 2, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vuln...Show more An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514.Show less
CVE-2018-14514 1Icmsdev 1Icms Nov 21, 2024 Jul 23, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact.
CVE-2018-14415 1Icmsdev 1Icms Nov 21, 2024 Jul 20, 2018 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen.
CVE-2018-12498 1Icmsdev 1Icms Nov 21, 2024 Jun 15, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.
CVE-2018-10250 1Icmsdev 1Icms Nov 21, 2024 Apr 20, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.
CVE-2018-10222 1Icmsdev 1Icms Nov 21, 2024 Apr 19, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.
CVE-2018-10117 1Icmsdev 1Icms Nov 21, 2024 Apr 16, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.
CVE-2018-9925 1Icmsdev 1Icms Nov 21, 2024 Apr 10, 2018 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request.
CVE-2018-9924 1Icmsdev 1Icms Nov 21, 2024 Apr 10, 2018 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request.
CVE-2018-9923 1Icmsdev 1Icms Nov 21, 2024 Apr 10, 2018 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request.
CVE-2018-9922 1Icmsdev 1Icms Nov 21, 2024 Apr 10, 2018 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname.