Icmsdev: Security Vulnerabilities
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-06-15
iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-20
An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-04-19
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-04-16
An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname.
CVSS Score
5.3
EPSS Score
0.002
Published
2018-04-10
An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-04-10
An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-04-10
An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-04-10
Page 2