Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icms vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2020-24739
A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted.
Idreamsoft Icms 7.0.0
9.8
CVSSv3
CVE-2019-17552
An issue exists in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload.
Idreamsoft Icms 7.0.14
7.5
CVSSv3
CVE-2019-17583
idreamsoft iCMS 7.0.15 allows remote malicious users to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer.
Idreamsoft Icms 7.0.15
9.8
CVSSv3
CVE-2018-12498
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.
Icmsdev Icms 7.0.8
9.1
CVSSv3
CVE-2020-18070
Path Traversal in iCMS v7.0.13 allows remote malicious users to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php".
Idreamsoft Icms 7.0.13
6.1
CVSSv3
CVE-2019-11426
An XSS issue exists in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter.
Idreamsoft Icms 7.0.14
6.1
CVSSv3
CVE-2018-13865
An issue exists in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism.
Idreamsoft Icms 7.0.9
6.5
CVSSv3
CVE-2019-16677
An issue exists in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
Idreamsoft Icms 7.0.0
9.8
CVSSv3
CVE-2019-6259
An issue exists in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
Icmsdev Icms 7.0.13
8.8
CVSSv3
CVE-2020-26641
A Cross Site Request Forgery (CSRF) vulnerability exists in iCMS 7.0.16 which can allow an malicious user to execute arbitrary web scripts.
Idreamsoft Icms 7.0.16
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36920
buffer overflow
CVE-2024-36913
CVE-2024-5497
CVE-2024-23917
CVE-2024-4956
server-side request forgery
CVE-2024-35468
SSTI
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »