Vulnerabilities > Icmsdev > Icms > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-20 | CVE-2023-42321 | Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0.16 Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. | 8.8 |
| 2018-09-01 | CVE-2018-16314 | Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0.11 An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. | 8.8 |
| 2018-08-27 | CVE-2018-15895 | Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. | 7.5 |
| 2018-08-02 | CVE-2018-14858 | Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. | 7.5 |
| 2018-04-19 | CVE-2018-10222 | Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0 An issue was discovered in idreamsoft iCMS V7.0. | 8.8 |
| 2018-04-16 | CVE-2018-10117 | Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0.7 An issue was discovered in idreamsoft iCMS V7.0.7. | 8.8 |
| 2018-04-10 | CVE-2018-9923 | Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms An issue was discovered in idreamsoft iCMS through 7.0.7. | 8.8 |