Vulnerabilities > Idreamsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-08 | CVE-2023-40953 | Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.16 icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF). | 8.8 |
| 2023-08-10 | CVE-2023-39805 | SQL Injection vulnerability in Idreamsoft Icms 7.0.16 iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. | 9.8 |
| 2023-08-10 | CVE-2023-39806 | SQL Injection vulnerability in Idreamsoft Icms 7.0.16 iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function. | 9.8 |
| 2022-10-13 | CVE-2022-41496 | Server-Side Request Forgery (SSRF) vulnerability in Idreamsoft Icms 7.0.16 iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. | 9.8 |
| 2022-02-04 | CVE-2021-44977 | Path Traversal vulnerability in Idreamsoft Icms In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. | 7.5 |
| 2022-02-04 | CVE-2021-44978 | Code Injection vulnerability in Idreamsoft Icms iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution. | 9.8 |
| 2021-11-12 | CVE-2020-21141 | Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.15 iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. | 8.8 |
| 2021-05-28 | CVE-2020-26641 | Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.16 A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts. | 8.8 |
| 2021-04-30 | CVE-2020-18070 | Path Traversal vulnerability in Idreamsoft Icms 7.0.13 Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php". | 9.1 |
| 2020-12-10 | CVE-2020-19527 | OS Command Injection vulnerability in Idreamsoft Icms 7.0.14 iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php. | 9.8 |