Vulnerabilities > Idreamsoft

DATE CVE VULNERABILITY TITLE RISK
2022-02-04 CVE-2021-44977 Path Traversal vulnerability in Idreamsoft Icms
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.
network
low complexity
idreamsoft CWE-22
5.0
2022-02-04 CVE-2021-44978 Code Injection vulnerability in Idreamsoft Icms
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.
network
low complexity
idreamsoft CWE-94
7.5
2021-11-12 CVE-2020-21141 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.15
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.
6.8
2021-05-28 CVE-2020-26641 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.16
A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.
6.8
2021-04-30 CVE-2020-18070 Path Traversal vulnerability in Idreamsoft Icms 7.0.13
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php".
network
low complexity
idreamsoft CWE-22
6.4
2020-12-10 CVE-2020-19527 OS Command Injection vulnerability in Idreamsoft Icms 7.0.14
iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.
network
low complexity
idreamsoft CWE-78
critical
10.0
2020-12-10 CVE-2020-19142 OS Command Injection vulnerability in Idreamsoft Icms 7.0.0
iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.
network
low complexity
idreamsoft CWE-78
critical
10.0
2020-09-10 CVE-2020-24739 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.0
A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account.
4.3
2019-10-14 CVE-2019-17583 Allocation of Resources Without Limits or Throttling vulnerability in Idreamsoft Icms 7.0.15
idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer.
network
low complexity
idreamsoft CWE-770
5.0
2019-10-14 CVE-2019-17552 SQL Injection vulnerability in Idreamsoft Icms 7.0.14
An issue was discovered in idreamsoft iCMS v7.0.14.
network
low complexity
idreamsoft CWE-89
7.5