Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idreamsoft icms vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2019-17552
An issue exists in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload.
Idreamsoft Icms 7.0.14
7.5
CVSSv3
CVE-2019-7236
An issue exists in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal.
Idreamsoft Icms 7.0.13
7.2
CVSSv3
CVE-2018-16320
idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file.
Idreamsoft Icms 7.0.11
8.8
CVSSv3
CVE-2018-16332
An issue exists in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability.
Idreamsoft Icms 7.0.9
8.8
CVSSv3
CVE-2023-40953
icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).
Idreamsoft Icms 7.0.16
9.8
CVSSv3
CVE-2023-39805
iCMS v7.0.16 exists to contain a SQL injection vulnerability via the where parameter at admincp.php.
Idreamsoft Icms 7.0.16
9.8
CVSSv3
CVE-2023-39806
iCMS v7.0.16 exists to contain a SQL injection vulnerability via the bakupdata function.
Idreamsoft Icms 7.0.16
7.5
CVSSv3
CVE-2019-17583
idreamsoft iCMS 7.0.15 allows remote malicious users to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer.
Idreamsoft Icms 7.0.15
9.8
CVSSv3
CVE-2019-7160
idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.
Idreamsoft Icms 7.0.13
9.1
CVSSv3
CVE-2019-7234
An issue exists in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can the...
Idreamsoft Icms 7.0.13
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761
command injection
CVE-2024-3676
IDOR
CVE-2024-30039
CVE-2024-32113
CVE-2024-30049
CVE-2024-4776
SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »