Vulnerabilities > Idreamsoft > Icms > 7.0.0

DATE CVE VULNERABILITY TITLE RISK
2022-02-04 CVE-2021-44977 Path Traversal vulnerability in Idreamsoft Icms
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.
network
low complexity
idreamsoft CWE-22
7.5
7.5
2022-02-04 CVE-2021-44978 Code Injection vulnerability in Idreamsoft Icms
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.
network
low complexity
idreamsoft CWE-94
critical
 9.8
9.8
2020-12-10 CVE-2020-19142 OS Command Injection vulnerability in Idreamsoft Icms 7.0.0
iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.
network
low complexity
idreamsoft CWE-78
critical
 9.8
9.8
2020-09-10 CVE-2020-24739 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.0
A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account.
network
low complexity
idreamsoft CWE-352
6.5
6.5
2019-09-21 CVE-2019-16677 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.0
An issue was discovered in idreamsoft iCMS V7.0.
network
low complexity
idreamsoft CWE-352
6.5
6.5
2019-02-18 CVE-2019-8902 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms
An issue was discovered in idreamsoft iCMS through 7.0.14.
network
low complexity
idreamsoft CWE-352
5.7
5.7