87 matches found
CVE-2023-39805
CVE-2023-39805 affects iCMS v7.0.16, with a SQL injection vulnerability in the where parameter of admincp.php. The issue is documented across multiple feeds; the NVD entry lists a CVSS v3.1 base score of 9.8 (CRITICAL), indicating high impact on confidentiality, integrity, and availability. The r...
CVE-2022-41496
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php...
Server side request forgery (ssrf)
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php...
CVE-2022-41496
CVE-2022-41496 affects iCMS v7.0.16 with a Server-Side Request Forgery (SSRF) via the url parameter in admincp.php. CVSSv3.1 base score 9.8 (CRITICAL) — network access, no user interaction required. Connected documents confirm the SSRF issue; PT-2022 offers a workaround: avoid or restrict the url...
CVE-2022-41496
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php...
PT-2022-25893 · Icms · Icms
Name of the Vulnerable Software and Affected Versions: iCMS version 7.0.16. Description: A Server-Side Request Forgery (SSRF) issue was discovered, which can be exploited via the url parameter at the "admincp.php" endpoint. Recommendations: For iCMS version 7.0.16, avoid using the url parameter in t...
iCMS Cross-site Request Forgery Vulnerability
iCMS is an efficient and simple content management system application built with PHP and MySQL. iCMS version 7.0.15 has a security vulnerability that allows attackers to perform CSRF attacks via "/admincp.php?app=members&do=add"...
CVE-2020-21141
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add...
Cross site request forgery (csrf)
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add...
CVE-2020-21141
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add...
Integer overflow
idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer...
CVE-2019-16677
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF...
CVE-2019-16677
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF...
CVE-2019-14976
iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter...
Design/Logic Flaw
iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter...
CVE-2019-14976
iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter...
CVE-2019-14976
CVE-2019-14976 affects iCMS 7.0.15, exposing a cross-site scripting (XSS) vulnerability in the admin panel. The issue arises via the keywords parameter in admincp.php?app=apps, potentially enabling injection of malicious client-side script. Multiple connected sources (NVD/NIST entries and Red Hat...
CVE-2019-1010112
OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3...
Cross site request forgery (csrf)
OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3...
CVE-2019-1010112
OECMS v4.3.R60321 and v4.3 later is affected by: Cross Site Request Forgery (CSRF). The impact is: The victim clicks on adding an administrator account. The component is: admincp.php. The attack vector is: network connectivity. The fixed version is: v4.3...