Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icmsdev vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-10117
An issue exists in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.
Icmsdev Icms 7.0.7
8.8
CVSSv3
CVE-2023-42321
Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote malicious user to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.
Icmsdev Icms 7.0.16
9.8
CVSSv3
CVE-2023-42322
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote malicious user to obtain sensitive information.
Icmsdev Icms 7.0.16
6.1
CVSSv3
CVE-2019-14976
iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter.
Icmsdev Icms 7.0.15
9.8
CVSSv3
CVE-2018-12498
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.
Icmsdev Icms 7.0.8
5.4
CVSSv3
CVE-2018-10250
iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.
Icmsdev Icms 7.0.8
9.8
CVSSv3
CVE-2019-6259
An issue exists in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
Icmsdev Icms 7.0.13
9.8
CVSSv3
CVE-2018-18702
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
Icmsdev Icms 7.0.11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2