Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Icms
(Icmsdev)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 18 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-09-20 | CVE-2023-42322 | Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. | Icms | 9.8 | ||
| 2023-09-20 | CVE-2023-42321 | Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. | Icms | 8.8 | ||
| 2019-08-12 | CVE-2019-14976 | iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter. | Icms | 6.1 | ||
| 2019-01-14 | CVE-2019-6259 | An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter. | Icms | 9.8 | ||
| 2018-04-10 | CVE-2018-9925 | An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request. | Icms | 5.4 | ||
| 2018-04-10 | CVE-2018-9924 | An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request. | Icms | 9.8 | ||
| 2018-04-10 | CVE-2018-9923 | An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request. | Icms | 8.8 | ||
| 2018-04-10 | CVE-2018-9922 | An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname. | Icms | 5.3 | ||
| 2018-10-29 | CVE-2018-18702 | spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. | Icms | 9.8 | ||
| 2018-09-01 | CVE-2018-16314 | An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. | Icms | 8.8 |