Vulnerabilities > Icmsdev > Icms > 7.0.11

DATE CVE VULNERABILITY TITLE RISK
2018-10-29 CVE-2018-18702 SQL Injection vulnerability in Icmsdev Icms 7.0.11
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
network
low complexity
icmsdev CWE-89
critical
 9.8
9.8
2018-09-01 CVE-2018-16314 Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0.11
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11.
network
low complexity
icmsdev CWE-352
8.8
8.8