Idreamsoft: Security Vulnerabilities
icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).
CVSS Score
8.8
EPSS Score
0.001
Published
2023-09-08
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-10
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-10
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-10-13
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.
CVSS Score
7.5
EPSS Score
0.005
Published
2022-02-04
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.
CVSS Score
9.8
EPSS Score
0.027
Published
2022-02-04
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-11-12
A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-05-28
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php".
CVSS Score
9.1
EPSS Score
0.043
Published
2021-04-30
iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2020-12-10
Page 1