Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icmsdev icms vulnerabilities and exploits
(subscribe to this query)
6.8
CVSSv2
CVE-2018-10222
An issue exists in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.
Icmsdev Icms 7.0
3.5
CVSSv2
CVE-2018-10250
iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.
Icmsdev Icms 7.0.8
7.5
CVSSv2
CVE-2018-18702
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
Icmsdev Icms 7.0.11
7.5
CVSSv2
CVE-2018-12498
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.
Icmsdev Icms 7.0.8
7.5
CVSSv2
CVE-2019-6259
An issue exists in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
Icmsdev Icms 7.0.13
7.5
CVSSv2
CVE-2018-14514
An SSRF vulnerability exists in idreamsoft iCMS V7.0.9 that allows malicious users to read sensitive files, access an intranet, or possibly have unspecified other impact.
Icmsdev Icms 7.0.9
6.8
CVSSv2
CVE-2018-16314
An issue exists in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.
Icmsdev Icms 7.0.11
4.3
CVSSv2
CVE-2019-14976
iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter.
Icmsdev Icms 7.0.15
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2