Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icms vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2018-14415
An issue exists in idreamsoft iCMS prior to 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen.
Icmsdev Icms
4.9
CVSSv2
CVE-2019-8902
An issue exists in idreamsoft iCMS up to and including 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
Idreamsoft Icms
5
CVSSv2
CVE-2018-14858
An SSRF vulnerability exists in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514.
Icmsdev Icms
7.5
CVSSv2
CVE-2018-14514
An SSRF vulnerability exists in idreamsoft iCMS V7.0.9 that allows malicious users to read sensitive files, access an intranet, or possibly have unspecified other impact.
Icmsdev Icms 7.0.9
6.8
CVSSv2
CVE-2018-16314
An issue exists in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.
Icmsdev Icms 7.0.11
6.8
CVSSv2
CVE-2018-16332
An issue exists in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability.
Idreamsoft Icms 7.0.9
6.8
CVSSv2
CVE-2018-16365
An issue exists in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF.
Idreamsoft Icms 7.0.10
6.8
CVSSv2
CVE-2018-16366
An issue exists in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF.
Idreamsoft Icms 7.0.10
7.5
CVSSv2
CVE-2019-7160
idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.
Idreamsoft Icms 7.0.13
NA
CVE-2023-42321
Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote malicious user to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.
Icmsdev Icms 7.0.16
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-26978
CVE-2024-26982
wireless
CVE-2023-6949
CVE-2024-26980
CVE-2024-32766
CVE-2024-26939
cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »