Vulnerabilities > Idreamsoft > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-08-10 CVE-2023-39805 SQL Injection vulnerability in Idreamsoft Icms 7.0.16
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.
network
low complexity
idreamsoft CWE-89
critical
 9.8
9.8
2023-08-10 CVE-2023-39806 SQL Injection vulnerability in Idreamsoft Icms 7.0.16
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.
network
low complexity
idreamsoft CWE-89
critical
 9.8
9.8
2022-10-13 CVE-2022-41496 Server-Side Request Forgery (SSRF) vulnerability in Idreamsoft Icms 7.0.16
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.
network
low complexity
idreamsoft CWE-918
critical
 9.8
9.8
2022-02-04 CVE-2021-44978 Code Injection vulnerability in Idreamsoft Icms
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.
network
low complexity
idreamsoft CWE-94
critical
 9.8
9.8
2021-04-30 CVE-2020-18070 Path Traversal vulnerability in Idreamsoft Icms 7.0.13
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php".
network
low complexity
idreamsoft CWE-22
critical
 9.1
9.1
2020-12-10 CVE-2020-19527 OS Command Injection vulnerability in Idreamsoft Icms 7.0.14
iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.
network
low complexity
idreamsoft CWE-78
critical
 9.8
9.8
2020-12-10 CVE-2020-19142 OS Command Injection vulnerability in Idreamsoft Icms 7.0.0
iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.
network
low complexity
idreamsoft CWE-78
critical
 9.8
9.8
2019-10-14 CVE-2019-17552 SQL Injection vulnerability in Idreamsoft Icms 7.0.14
An issue was discovered in idreamsoft iCMS v7.0.14.
network
low complexity
idreamsoft CWE-89
critical
 9.8
9.8
2019-01-30 CVE-2019-7234 Path Traversal vulnerability in Idreamsoft Icms 7.0.13
An issue was discovered in idreamsoft iCMS 7.0.13.
network
low complexity
idreamsoft CWE-22
critical
 9.1
9.1
2019-01-29 CVE-2019-7160 Path Traversal vulnerability in Idreamsoft Icms 7.0.13
idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.
network
low complexity
idreamsoft CWE-22
critical
 9.8
9.8