Vulnerabilities > Idreamsoft
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-13 | CVE-2022-41496 | Server-Side Request Forgery (SSRF) vulnerability in Idreamsoft Icms 7.0.16 iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. | 9.8 |
| 2022-02-04 | CVE-2021-44977 | Path Traversal vulnerability in Idreamsoft Icms In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. | 5.0 |
| 2022-02-04 | CVE-2021-44978 | Code Injection vulnerability in Idreamsoft Icms iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution. | 7.5 |
| 2021-11-12 | CVE-2020-21141 | Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.15 iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. | 6.8 |
| 2021-05-28 | CVE-2020-26641 | Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.16 A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts. | 6.8 |
| 2021-04-30 | CVE-2020-18070 | Path Traversal vulnerability in Idreamsoft Icms 7.0.13 Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php". | 6.4 |
| 2020-12-10 | CVE-2020-19527 | OS Command Injection vulnerability in Idreamsoft Icms 7.0.14 iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php. | 10.0 |
| 2020-12-10 | CVE-2020-19142 | OS Command Injection vulnerability in Idreamsoft Icms 7.0.0 iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php. | 10.0 |
| 2020-09-10 | CVE-2020-24739 | Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.0 A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. | 4.3 |
| 2019-10-14 | CVE-2019-17583 | Allocation of Resources Without Limits or Throttling vulnerability in Idreamsoft Icms 7.0.15 idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer. | 5.0 |