Idreamsoft: Security Vulnerabilities
An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-01-30
An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-01-30
idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.
CVSS Score
9.8
EPSS Score
0.015
Published
2019-01-29
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-09-02
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-09-02
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-09-02
idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file.
CVSS Score
7.2
EPSS Score
0.008
Published
2018-09-01
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-07-10
Page 3