Vulnerabilities > Idreamsoft

DATE CVE VULNERABILITY TITLE RISK
2020-12-10 CVE-2020-19142 OS Command Injection vulnerability in Idreamsoft Icms 7.0.0
iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.
network
low complexity
idreamsoft CWE-78
critical
10.0
2020-09-10 CVE-2020-24739 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.0
A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account.
4.3
2019-10-14 CVE-2019-17583 Allocation of Resources Without Limits or Throttling vulnerability in Idreamsoft Icms 7.0.15
idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer.
network
low complexity
idreamsoft CWE-770
5.0
2019-10-14 CVE-2019-17552 SQL Injection vulnerability in Idreamsoft Icms 7.0.14
An issue was discovered in idreamsoft iCMS v7.0.14.
network
low complexity
idreamsoft CWE-89
7.5
2019-09-21 CVE-2019-16677 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms 7.0.0
An issue was discovered in idreamsoft iCMS V7.0.
5.8
2019-04-22 CVE-2019-11427 Cross-site Scripting vulnerability in Idreamsoft Icms 7.0.14
An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter.
network
idreamsoft CWE-79
4.3
2019-04-22 CVE-2019-11426 Cross-site Scripting vulnerability in Idreamsoft Icms 7.0.14
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter.
network
idreamsoft CWE-79
4.3
2019-02-18 CVE-2019-8902 Cross-Site Request Forgery (CSRF) vulnerability in Idreamsoft Icms
An issue was discovered in idreamsoft iCMS through 7.0.14.
4.9
2019-01-30 CVE-2019-7237 Path Traversal vulnerability in Idreamsoft Icms 7.0.13
An issue was discovered in idreamsoft iCMS 7.0.13 on Windows.
network
low complexity
idreamsoft microsoft CWE-22
5.0
2019-01-30 CVE-2019-7236 Path Traversal vulnerability in Idreamsoft Icms 7.0.13
An issue was discovered in idreamsoft iCMS 7.0.13.
network
low complexity
idreamsoft CWE-22
5.0