Vulnerabilities > Icmsdev > Icms > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-20 CVE-2023-42321 Cross-Site Request Forgery (CSRF) vulnerability in Icmsdev Icms 7.0.16
Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.
network
low complexity
icmsdev CWE-352
8.8
8.8
2019-01-14 CVE-2019-6259 SQL Injection vulnerability in Icmsdev Icms 7.0.13
An issue was discovered in idreamsoft iCMS V7.0.13.
network
low complexity
icmsdev CWE-89
7.5
7.5
2018-10-29 CVE-2018-18702 SQL Injection vulnerability in Icmsdev Icms 7.0.11
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
network
low complexity
icmsdev CWE-89
7.5
7.5
2018-07-23 CVE-2018-14514 Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms 7.0.9
An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact.
network
low complexity
icmsdev CWE-918
7.5
7.5
2018-06-15 CVE-2018-12498 SQL Injection vulnerability in Icmsdev Icms 7.0.8
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.
network
low complexity
icmsdev CWE-89
7.5
7.5
2018-04-10 CVE-2018-9924 SQL Injection vulnerability in Icmsdev Icms
An issue was discovered in idreamsoft iCMS through 7.0.7.
network
low complexity
icmsdev CWE-89
7.5
7.5