Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2005-4396
Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote malicious users to inject arbitrary web script or HTML via the LoginMSG parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources.
Icms Content Management Systems Icms
5
CVSSv2
CVE-2005-3574
PHP file inclusion vulnerability in index.php of iCMS allows remote malicious users to include arbitrary files via the page parameter.
Icms Content Management Systems Icms
7.5
CVSSv2
CVE-2005-4397
SQL injection vulnerability in RunScript.asp iCMS allows remote malicious users to execute arbitrary SQL commands via the Event_ID parameter.
Icms Content Management Systems Icms
4.3
CVSSv2
CVE-2018-14415
An issue exists in idreamsoft iCMS prior to 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen.
Icmsdev Icms
4.9
CVSSv2
CVE-2019-8902
An issue exists in idreamsoft iCMS up to and including 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
Idreamsoft Icms
5
CVSSv2
CVE-2021-44977
In iCMS <=8.0.0, a directory traversal vulnerability allows an malicious user to read arbitrary files.
Idreamsoft Icms
7.5
CVSSv2
CVE-2021-44978
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.
Idreamsoft Icms
5
CVSSv2
CVE-2018-9922
An issue exists in idreamsoft iCMS up to and including 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname.
Icmsdev Icms
6.8
CVSSv2
CVE-2018-9923
An issue exists in idreamsoft iCMS up to and including 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request.
Icmsdev Icms
7.5
CVSSv2
CVE-2018-9924
An issue exists in idreamsoft iCMS up to and including 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request.
Icmsdev Icms
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692
CVE-2012-1823
memory leak
CVE-2024-0627
CVE-2024-31402
privilege escalation
CVE-2024-36418
remote code execution
CVE-2024-27844
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »