Vulnerabilities > Idreamsoft > Icms > 7.0.15
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-04 | CVE-2021-44977 | Path Traversal vulnerability in Idreamsoft Icms In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. | 7.5 |
| 2022-02-04 | CVE-2021-44978 | Code Injection vulnerability in Idreamsoft Icms iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution. | 9.8 |
| 2021-11-12 | CVE-2020-21141 | Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.15 iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. | 8.8 |
| 2019-10-14 | CVE-2019-17583 | Allocation of Resources Without Limits or Throttling vulnerability in Idreamsoft Icms 7.0.15 idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer. | 7.5 |