Product:

Icms

(Idreamsoft)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 28
Date Id Summary Products Score Patch Annotated
2022-02-04 CVE-2021-44978 iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution. Icms 9.8
2023-08-10 CVE-2023-39805 iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. Icms 9.8
2023-08-10 CVE-2023-39806 iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function. Icms 9.8
2023-09-08 CVE-2023-40953 icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF). Icms 8.8
2019-10-14 CVE-2019-17583 idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer. Icms N/A
2019-10-14 CVE-2019-17552 An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload. Icms N/A
2019-09-21 CVE-2019-16677 An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. Icms N/A
2019-02-18 CVE-2019-8902 An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI. Icms 5.7
2019-01-30 CVE-2019-7237 An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal. Icms 7.5
2019-01-30 CVE-2019-7236 An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal. Icms 7.5