RSS   Vulnerabilities for 'ICMS'   RSS

2022-02-04
 
CVE-2021-44977

CWE-22
 

 
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.

 
 
CVE-2021-44978

CWE-94
 

 
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.

 
2021-11-12
 
CVE-2020-21141

CWE-352
 

 
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.

 
2021-05-28
 
CVE-2020-26641

CWE-352
 

 
A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.

 
2021-04-30
 
CVE-2020-18070

CWE-22
 

 
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php".

 
2020-12-10
 
CVE-2020-19527

CWE-78
 

 
iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.

 
 
CVE-2020-19142

CWE-78
 

 
iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.

 
2020-09-10
 
CVE-2020-24739

CWE-352
 

 
A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted.

 
2019-09-21
 
CVE-2019-16677

CWE-352
 

 
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.

 
2019-04-22
 
CVE-2019-11427

CWE-79
 

 
An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter.

 


Copyright 2024, cxsecurity.com

 

Back to Top