Vulnerabilities > Idreamsoft > Icms > 7.0.14
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-04 | CVE-2021-44977 | Path Traversal vulnerability in Idreamsoft Icms In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. | 7.5 |
| 2022-02-04 | CVE-2021-44978 | Code Injection vulnerability in Idreamsoft Icms iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution. | 9.8 |
| 2020-12-10 | CVE-2020-19527 | OS Command Injection vulnerability in Idreamsoft Icms 7.0.14 iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php. | 9.8 |
| 2019-10-14 | CVE-2019-17552 | SQL Injection vulnerability in Idreamsoft Icms 7.0.14 An issue was discovered in idreamsoft iCMS v7.0.14. | 9.8 |
| 2019-04-22 | CVE-2019-11427 | Cross-site Scripting vulnerability in Idreamsoft Icms 7.0.14 An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter. | 6.1 |
| 2019-04-22 | CVE-2019-11426 | Cross-site Scripting vulnerability in Idreamsoft Icms 7.0.14 An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter. | 6.1 |
| 2019-02-18 | CVE-2019-8902 | Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms An issue was discovered in idreamsoft iCMS through 7.0.14. | 5.7 |