Vulnerabilities > Icmsdev > Critical
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-20 | CVE-2023-42322 | Session Fixation vulnerability in Icmsdev Icms 7.0.16 Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. | 9.8 |
| 2019-01-14 | CVE-2019-6259 | SQL Injection vulnerability in Icmsdev Icms 7.0.13 An issue was discovered in idreamsoft iCMS V7.0.13. | 9.8 |
| 2018-10-29 | CVE-2018-18702 | SQL Injection vulnerability in Icmsdev Icms 7.0.11 spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. | 9.8 |
| 2018-07-23 | CVE-2018-14514 | Server-Side Request Forgery (SSRF) vulnerability in Icmsdev Icms 7.0.9 An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. | 9.8 |
| 2018-06-15 | CVE-2018-12498 | SQL Injection vulnerability in Icmsdev Icms 7.0.8 spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php. | 9.8 |
| 2018-04-10 | CVE-2018-9924 | SQL Injection vulnerability in Icmsdev Icms An issue was discovered in idreamsoft iCMS through 7.0.7. | 9.8 |