Vulnerabilities > Idreamsoft > Icms > 7.0.16

DATE CVE VULNERABILITY TITLE RISK
2023-09-08 CVE-2023-40953 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.16
icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).
network
low complexity
idreamsoft CWE-352
8.8
8.8
2023-08-10 CVE-2023-39805 SQL Injection vulnerability in Idreamsoft Icms 7.0.16
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.
network
low complexity
idreamsoft CWE-89
critical
 9.8
9.8
2023-08-10 CVE-2023-39806 SQL Injection vulnerability in Idreamsoft Icms 7.0.16
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.
network
low complexity
idreamsoft CWE-89
critical
 9.8
9.8
2022-10-13 CVE-2022-41496 Server-Side Request Forgery (SSRF) vulnerability in Idreamsoft Icms 7.0.16
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.
network
low complexity
idreamsoft CWE-918
critical
 9.8
9.8
2022-02-04 CVE-2021-44977 Path Traversal vulnerability in Idreamsoft Icms
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.
network
low complexity
idreamsoft CWE-22
5.0
5.0
2022-02-04 CVE-2021-44978 Code Injection vulnerability in Idreamsoft Icms
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.
network
low complexity
idreamsoft CWE-94
7.5
7.5
2021-05-28 CVE-2020-26641 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.16
A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts. 		6.8
6.8