Vulnerabilities > CVE-2018-15895 - Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |