CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2018-14858

An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.2%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

https://github.com/idreamsoft/iCMS/issues/33
https://github.com/idreamsoft/iCMS/issues/33

Products affected by CVE-2018-14858

Icmsdev » Icms » Version: Any

cpe:2.3:a:icmsdev:icms:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-14858

Products

Pricing

Contact Us