Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icms vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2018-10250
iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.
Icmsdev Icms 7.0.8
668
VMScore
CVE-2019-6259
An issue exists in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
Icmsdev Icms 7.0.13
383
VMScore
CVE-2020-24739
A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted.
Idreamsoft Icms 7.0.0
NA
CVE-2022-41496
iCMS v7.0.16 exists to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.
Idreamsoft Icms 7.0.16
668
VMScore
CVE-2019-7160
idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.
Idreamsoft Icms 7.0.13
570
VMScore
CVE-2019-7234
An issue exists in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can the...
Idreamsoft Icms 7.0.13
570
VMScore
CVE-2019-7235
An issue exists in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request.
Idreamsoft Icms 7.0.13
445
VMScore
CVE-2019-7236
An issue exists in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal.
Idreamsoft Icms 7.0.13
668
VMScore
CVE-2018-18702
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
Icmsdev Icms 7.0.11
445
VMScore
CVE-2005-4219
setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow malicious users to obtain this information via a direct request to setting.php. NOTE: on a properly configured web server, it would be expected that...
Innovative Cms Innovative Cms
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
client side
CVE-2023-31889
template injection
CVE-2024-4304
CVE-2006-4304
CVE-2024-33272
type confusion
CVE-2024-21345
CVE-2024-33271
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5