Icmsdev >> Icms >> 7.0.11 Security Vulnerabilities
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
CVSS Score: 9.8
EPSS Score: 0.003
Published: 2018-10-29
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.
CVSS Score: 8.8
EPSS Score: 0.001
Published: 2018-09-01

