CVE-2019-11426

An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter...

CVE-2025-15394

A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and m...

CVE-2025-15394

CVE-2025-15394 affects iCMS up to version 8.0.0. The vulnerability resides in the Save function of app/config/ConfigAdmincp.php (POST Parameter Handler). Manipulating the config argument results in code injection. The issue can be exploited remotely, and public exploit code is available. Multiple...

EUVD-2009-0859

Malware in sbrugna...

EUVD-2019-15825

Malware in sbrugna...

EUVD-2014-1095

Malware in sbrugna...

EUVD-2018-4542

Malware in sbrugna...

EUVD-2018-21516

Malware in sbrugna...

EUVD-2011-5239

Malware in sbrugna...

EUVD-2020-13918

Malware in sbrugna...

CVE-2011-10013

Traq versions 2.0 through 2.3 contain a remote code execution vulnerability in the admincp/common.php script. The flawed authorization logic fails to halt execution after a failed access check, allowing unauthenticated users to reach admin-only functionality. This can be exploited via plugins.php...

PT-2025-33082 · Traq · Traq

Name of the Vulnerable Software and Affected Versions: Traq versions 2.0 through 2.3 Description: Traq versions 2.0 through 2.3 contain a remote code execution issue in the admincp/common.php script. The flawed authorization logic does not halt execution after a failed access check, allowing...

Traq 安全漏洞

Traq is a PHP-based project management and issue tracking system from the individual developer Jack Polgar. A security vulnerability exists in Traq versions 2.0 through 2.3, which stems from a flaw in the authorization logic of the admincp/common.php script that could lead to remote code executio...

CVE-2022-41496

iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery SSRF via the url parameter at admincp.php...

CVE-2020-18070

Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "dodel" method of the component "database.admincp.php"...

iCMS Cross-Site Request Forgery Vulnerability

iCMS is a software application. An efficient and simple content management system built with PHP and MySQL. A security vulnerability exists in iCMS version v.7.0.16. A remote attacker can exploit this vulnerability to execute arbitrary code via the user.admincp.php, members.admincp.php, and...

iCMS SQL Injection Vulnerability

iCMS is a software application. An efficient and simple content management system built with PHP and MySQL. A security vulnerability exists in iCMS v7.0.16, which originated from a SQL injection vulnerability found in the where parameter of admincp.php...

CVE-2022-41496

iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery SSRF via the url parameter at admincp.php...

CVE-2020-21141

CVE-2020-21141 affects iCMS v7.0.15 and is a Cross‑Site Request Forgery (CSRF) vulnerability exploitable via /admincp.php?app=members&do=add. The linked documents confirm the component (iCMS), version (7.0.15), and the attack class (CSRF) without specifying exploit details. NVD CVSS data indicate...

CVE-2020-18070

Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "dodel" method of the component "database.admincp.php"...