Vulnerabilities > Idreamsoft > Icms > High

DATE CVE VULNERABILITY TITLE RISK
2023-09-08 CVE-2023-40953 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.16
icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).
network
low complexity
idreamsoft CWE-352
8.8
8.8
2022-02-04 CVE-2021-44978 Code Injection vulnerability in Idreamsoft Icms
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.
network
low complexity
idreamsoft CWE-94
7.5
7.5
2019-10-14 CVE-2019-17552 SQL Injection vulnerability in Idreamsoft Icms 7.0.14
An issue was discovered in idreamsoft iCMS v7.0.14.
network
low complexity
idreamsoft CWE-89
7.5
7.5
2019-01-29 CVE-2019-7160 Path Traversal vulnerability in Idreamsoft Icms 7.0.13
idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.
network
low complexity
idreamsoft CWE-22
7.5
7.5