Vulnerabilities > Idreamsoft > Icms > 7.0.11

DATE CVE VULNERABILITY TITLE RISK
2022-02-04 CVE-2021-44977 Path Traversal vulnerability in Idreamsoft Icms
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.
network
low complexity
idreamsoft CWE-22
7.5
7.5
2022-02-04 CVE-2021-44978 Code Injection vulnerability in Idreamsoft Icms
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.
network
low complexity
idreamsoft CWE-94
critical
 9.8
9.8
2019-02-18 CVE-2019-8902 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms
An issue was discovered in idreamsoft iCMS through 7.0.14.
network
low complexity
idreamsoft CWE-352
5.7
5.7
2018-09-01 CVE-2018-16320 Path Traversal vulnerability in Idreamsoft Icms 7.0.11
idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file.
network
low complexity
idreamsoft CWE-22
7.2
7.2