Vulnerabilities > Icmsdev

DATE	CVE	VULNERABILITY TITLE	RISK
2019-08-12	CVE-2019-14976	Cross-site Scripting vulnerability in Icmsdev Icms 7.0.15 iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter. network icmsdev CWE-79	4.3
2019-01-14	CVE-2019-6259	SQL Injection vulnerability in Icmsdev Icms 7.0.13 An issue was discovered in idreamsoft iCMS V7.0.13. network low complexity icmsdev CWE-89	7.5
2018-10-29	CVE-2018-18702	SQL Injection vulnerability in Icmsdev Icms 7.0.11 spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. network low complexity icmsdev CWE-89	7.5
2018-09-01	CVE-2018-16314	Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0.11 An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. network icmsdev CWE-352	6.8
2018-08-27	CVE-2018-15895	Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. network low complexity icmsdev CWE-918	5.0
2018-08-02	CVE-2018-14858	Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. network low complexity icmsdev CWE-918	5.0
2018-07-23	CVE-2018-14514	Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms 7.0.9 An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. network low complexity icmsdev CWE-918	7.5
2018-07-20	CVE-2018-14415	Cross-site Scripting vulnerability in Icmsdev Icms An issue was discovered in idreamsoft iCMS before 7.0.10. network icmsdev CWE-79	4.3
2018-06-15	CVE-2018-12498	SQL Injection vulnerability in Icmsdev Icms 7.0.8 spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php. network low complexity icmsdev CWE-89	7.5
2018-04-20	CVE-2018-10250	Cross-site Scripting vulnerability in Icmsdev Icms 7.0.8 iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search. network icmsdev CWE-79	3.5

Vulnerabilities > Icmsdev {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Icmsdev"}]}

Vulnerabilities > Icmsdev