CVEDB API

Vulnerabilities

Vulnerable Software

Idreamsoft: Security Vulnerabilities

CVE-2019-7234

An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request.

CVSS Score

9.1

EPSS Score

0.012

Published

2019-01-30

CVE-2019-7235

An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request.

CVSS Score

7.5

EPSS Score

0.005

Published

2019-01-30

CVE-2019-7236

An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal.

CVSS Score

7.5

EPSS Score

0.01

Published

2019-01-30

CVE-2019-7237

An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal.

CVSS Score

7.5

EPSS Score

0.01

Published

2019-01-30

CVE-2019-7160

idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.

CVSS Score

9.8

EPSS Score

0.011

Published

2019-01-29

CVE-2018-16366

An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF.

CVSS Score

8.8

EPSS Score

0.001

Published

2018-09-02

CVE-2018-16365

An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF.

CVSS Score

8.8

EPSS Score

0.001

Published

2018-09-02

CVE-2018-16332

An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability.

CVSS Score

8.8

EPSS Score

0.001

Published

2018-09-02

CVE-2018-16320

idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file.

CVSS Score

7.2

EPSS Score

0.008

Published

2018-09-01

CVE-2018-13865

An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism.

CVSS Score

6.1

EPSS Score

0.002

Published

2018-07-10

Prev Next

Page 3

Vulnerabilities

Vulnerable Software

Idreamsoft: Security Vulnerabilities

Products

Pricing

Contact Us