Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
idreamsoft vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2018-9925
An issue exists in idreamsoft iCMS up to and including 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request.
Icmsdev Icms
9.8
CVSSv3
CVE-2018-14514
An SSRF vulnerability exists in idreamsoft iCMS V7.0.9 that allows malicious users to read sensitive files, access an intranet, or possibly have unspecified other impact.
Icmsdev Icms 7.0.9
6.1
CVSSv3
CVE-2018-14415
An issue exists in idreamsoft iCMS prior to 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen.
Icmsdev Icms
8.8
CVSSv3
CVE-2018-10222
An issue exists in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.
Icmsdev Icms 7.0
9.8
CVSSv3
CVE-2018-9924
An issue exists in idreamsoft iCMS up to and including 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request.
Icmsdev Icms
8.8
CVSSv3
CVE-2018-10117
An issue exists in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.
Icmsdev Icms 7.0.7
8.8
CVSSv3
CVE-2018-9923
An issue exists in idreamsoft iCMS up to and including 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request.
Icmsdev Icms
8.8
CVSSv3
CVE-2018-16314
An issue exists in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.
Icmsdev Icms 7.0.11
7.5
CVSSv3
CVE-2018-14858
An SSRF vulnerability exists in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514.
Icmsdev Icms
7.5
CVSSv3
CVE-2018-15895
An SSRF vulnerability exists in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists bec...
Icmsdev Icms
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
race condition
CVE-2024-4249
CVE-2024-4244
CVE-2023-20198
TCP
CVE-2022-48648
CVE-2022-48636
CVE-2024-21345
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4