Shodan
Vulnerabilities
Vulnerable Software
Icmsdev:  Security Vulnerabilities
CVE-2023-42321
Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.
CVSS Score
8.8
EPSS Score
0.008
Published
2023-09-20
CVE-2023-42322
Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.
CVSS Score
9.8
EPSS Score
0.006
Published
2023-09-20
CVE-2019-14976
iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-08-12
CVE-2019-6259
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-01-14
CVE-2018-18702
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-10-29
CVE-2018-16314
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-09-01
CVE-2018-15895
An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-08-27
CVE-2018-14858
An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514.
CVSS Score
7.5
EPSS Score
0.004
Published
2018-08-02
CVE-2018-14514
An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact.
CVSS Score
9.8
EPSS Score
0.005
Published
2018-07-23
CVE-2018-14415
An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-07-20


Products
Pricing
Contact Us

Shodan ® - All rights reserved