Vulnerabilities for ICMS (...) - CXSECURITY.COM

Vulnerabilities for 'ICMS'

2019-08-12

CVE-2019-14976

CWE-79

iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter.

2019-01-14

CVE-2019-6259

CWE-89

An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.

2018-10-29

CVE-2018-18702

CWE-89

spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.

2018-09-01

CVE-2018-16314

CWE-352

An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.

2018-07-23

CVE-2018-14514

CWE-918

An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact.

2018-06-15

CVE-2018-12498

CWE-89

spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.

2018-04-20

CVE-2018-10250

CWE-79

iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.

2018-04-19

CVE-2018-10222

CWE-352

An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.

2018-04-16

CVE-2018-10117

CWE-352

An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.

2018-04-10

CVE-2018-9925

CWE-79

An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request.

Copyright 2024, cxsecurity.com