Vulnerabilities > Icmsdev
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-09-20 | CVE-2023-42321 | Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0.16 Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. | 8.8 |
2023-09-20 | CVE-2023-42322 | Session Fixation vulnerability in Icmsdev Icms 7.0.16 Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. | 9.8 |
2019-08-12 | CVE-2019-14976 | Cross-site Scripting vulnerability in Icmsdev Icms 7.0.15 iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter. | 6.1 |
2019-01-14 | CVE-2019-6259 | SQL Injection vulnerability in Icmsdev Icms 7.0.13 An issue was discovered in idreamsoft iCMS V7.0.13. | 9.8 |
2018-10-29 | CVE-2018-18702 | SQL Injection vulnerability in Icmsdev Icms 7.0.11 spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. | 9.8 |
2018-09-01 | CVE-2018-16314 | Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0.11 An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. | 8.8 |
2018-08-27 | CVE-2018-15895 | Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. | 7.5 |
2018-08-02 | CVE-2018-14858 | Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. | 7.5 |
2018-07-23 | CVE-2018-14514 | Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms 7.0.9 An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. | 9.8 |
2018-07-20 | CVE-2018-14415 | Cross-site Scripting vulnerability in Icmsdev Icms An issue was discovered in idreamsoft iCMS before 7.0.10. | 6.1 |