RSS   Podatności dla 'ICMS'   RSS

2019-08-12
 
CVE-2019-14976

CWE-79
 
 
iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter.

 
2019-01-14
 
CVE-2019-6259

CWE-89
 
 
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.

 
2018-10-29
 
CVE-2018-18702

CWE-89
 
 
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.

 
2018-09-01
 
CVE-2018-16314

CWE-352
 
 
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.

 
2018-07-23
 
CVE-2018-14514

CWE-918
 
 
An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact.

 
2018-06-15
 
CVE-2018-12498

CWE-89
 
 
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.

 
2018-04-20
 
CVE-2018-10250

CWE-79
 
 
iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.

 
2018-04-19
 
CVE-2018-10222

CWE-352
 
 
An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.

 
2018-04-16
 
CVE-2018-10117

CWE-352
 
 
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.

 
2018-04-10
 
CVE-2018-9925

CWE-79
 
 
An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request.

 

Copyright 2024, cxsecurity.com

 

Back to Top