Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
icmsdev icms vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2018-14858
An SSRF vulnerability exists in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514.
Icmsdev Icms
445
VMScore
CVE-2018-9922
An issue exists in idreamsoft iCMS up to and including 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname.
Icmsdev Icms
605
VMScore
CVE-2018-9923
An issue exists in idreamsoft iCMS up to and including 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request.
Icmsdev Icms
668
VMScore
CVE-2018-9924
An issue exists in idreamsoft iCMS up to and including 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request.
Icmsdev Icms
312
VMScore
CVE-2018-9925
An issue exists in idreamsoft iCMS up to and including 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request.
Icmsdev Icms
383
VMScore
CVE-2018-14415
An issue exists in idreamsoft iCMS prior to 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen.
Icmsdev Icms
445
VMScore
CVE-2018-15895
An SSRF vulnerability exists in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists bec...
Icmsdev Icms
668
VMScore
CVE-2018-18702
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
Icmsdev Icms 7.0.11
NA
CVE-2023-42321
Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote malicious user to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.
Icmsdev Icms 7.0.16
NA
CVE-2023-42322
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote malicious user to obtain sensitive information.
Icmsdev Icms 7.0.16
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-26925
CVE-2023-41826
LFI
CVE-2022-22364
CVE-2024-2887
command injection
remote code execution
CVE-2024-34446
CVE-2022-48699
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »