Vulnerabilities > Idreamsoft > Icms > 7.0.14

DATE CVE VULNERABILITY TITLE RISK
2022-02-04 CVE-2021-44977 Path Traversal vulnerability in Idreamsoft Icms
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.
network
low complexity
idreamsoft CWE-22
5.0
5.0
2022-02-04 CVE-2021-44978 Code Injection vulnerability in Idreamsoft Icms
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.
network
low complexity
idreamsoft CWE-94
7.5
7.5
2020-12-10 CVE-2020-19527 OS Command Injection vulnerability in Idreamsoft Icms 7.0.14
iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.
network
low complexity
idreamsoft CWE-78
critical
 10.0
10
2019-10-14 CVE-2019-17552 SQL Injection vulnerability in Idreamsoft Icms 7.0.14
An issue was discovered in idreamsoft iCMS v7.0.14.
network
low complexity
idreamsoft CWE-89
7.5
7.5
2019-04-22 CVE-2019-11427 Cross-site Scripting vulnerability in Idreamsoft Icms 7.0.14
An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter.
network
idreamsoft CWE-79
4.3
4.3
2019-04-22 CVE-2019-11426 Cross-site Scripting vulnerability in Idreamsoft Icms 7.0.14
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter.
network
idreamsoft CWE-79
4.3
4.3
2019-02-18 CVE-2019-8902 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms
An issue was discovered in idreamsoft iCMS through 7.0.14. 		4.9
4.9