Idreamsoft

idreamsoft

30 CVEs • 1 product

Products (1)

Click to collapse

Toggle

Icms

icms

30 CVEs

CVEs (30)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-30661 1Idreamsoft 1Icms Mar 25, 2026 Mar 24, 2026 N/A· v4 6.1 MEDIUM· v3 N/A· v2 iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regi...Show more iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regip or loginip parameters.Show less
CVE-2025-15394 1Idreamsoft 1Icms Apr 29, 2026 Dec 31, 2025 2.0 LOW· v4 7.2 HIGH· v3 5.8 MEDIUM· v2 A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code in...Show more A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-40953 1Idreamsoft 1Icms Nov 21, 2024 Sep 8, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).
CVE-2023-39806 1Idreamsoft 1Icms Nov 21, 2024 Aug 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.
CVE-2023-39805 1Idreamsoft 1Icms Nov 21, 2024 Aug 10, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.
CVE-2022-41496 1Idreamsoft 1Icms May 15, 2025 Oct 13, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.
CVE-2021-44978 1Idreamsoft 1Icms Nov 21, 2024 Feb 4, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.
CVE-2021-44977 1Idreamsoft 1Icms Nov 21, 2024 Feb 4, 2022 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.
CVE-2020-21141 1Idreamsoft 1Icms Nov 21, 2024 Nov 12, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.
CVE-2020-26641 1Idreamsoft 1Icms Nov 21, 2024 May 28, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.
CVE-2020-18070 1Idreamsoft 1Icms Nov 21, 2024 Apr 30, 2021 N/A· v4 9.1 CRITICAL· v3 6.4 MEDIUM· v2 Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php".
CVE-2020-19527 1Idreamsoft 1Icms Nov 21, 2024 Dec 10, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.
CVE-2020-19142 1Idreamsoft 1Icms Nov 21, 2024 Dec 10, 2020 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.
CVE-2020-24739 1Idreamsoft 1Icms Nov 21, 2024 Sep 10, 2020 N/A· v4 6.5 MEDIUM· v3 4.3 MEDIUM· v2 A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be dele...Show more A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted.Show less
CVE-2019-17583 1Idreamsoft 1Icms Nov 21, 2024 Oct 14, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large posi...Show more idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer.Show less
CVE-2019-17552 1Idreamsoft 1Icms Nov 21, 2024 Oct 14, 2019 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload.
CVE-2019-16677 1Idreamsoft 1Icms Nov 21, 2024 Sep 21, 2019 N/A· v4 6.5 MEDIUM· v3 5.8 MEDIUM· v2 An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
CVE-2019-11427 1Idreamsoft 1Icms Nov 21, 2024 Apr 22, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter.
CVE-2019-11426 1Idreamsoft 1Icms Nov 21, 2024 Apr 22, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter.
CVE-2019-8902 1Idreamsoft 1Icms Nov 21, 2024 Feb 18, 2019 N/A· v4 5.7 MEDIUM· v3 4.9 MEDIUM· v2 An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.

12 Next