87 matches found
CVE-2019-1010112
OECMS v4.3.R60321 and later is affected by a Cross Site Request Forgery (CSRF) vulnerability in admincp.php. The attack vector is network connectivity, and the impact is that a victim could be tricked into adding an administrator account. The fixed version is v4.3. This CVE entry corresponds to C...
Directory traversal
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request...
Directory traversal
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloade...
CVE-2019-7235
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request...
CVE-2019-7234
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloade...
CVE-2019-7235
The CVE-2019-7235 entry concerns idreamsoft iCMS 7.0.13. A directory traversal flaw exists in admincp.php?app=apps&do=save that can be triggered through _app=/../ to designate an arbitrary directory; this path can then be deleted via an admincp.php?app=apps&do=uninstall request. The connected doc...
CVE-2018-16366
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF...
Cross-site request forgery (CSRF)
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF...
CVE-2018-16365
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF...
CVE-2018-16332
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability...
CVE-2018-16332
CVE-2018-16332 affects iCMS 7.0.9 with a CSRF vulnerability in admincp.php?app=article&do=update. Connected sources describe an attack enabling remote exploitation to coerce administrators to review/approve articles; CVSS3 base score 8.8 (HIGH) with network attack vector, user interaction require...
CRLF injection
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRFTOKEN, if CSRFTOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header...
CVE-2018-16314
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRFTOKEN, if CSRFTOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header...
CVE-2018-16320
idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file...
CVE-2018-16314
The CVE-2018-16314 issue affects idreamsoft iCMS 7.0.11, specifically the admincp.php CSRF verification. If CSRF_TOKEN is absent, the system validates only the Referer header, which can be bypassed via a substring in admincp.php within that header. This describes a CSRF protection bypass vulnerab...
CVE-2018-16320
CVE-2018-16320 affects idreamsoft iCMS 7.0.11. A directory traversal flaw in admincp.php?app=config enables arbitrary PHP code execution from a ZIP file. Root cause: path traversal in the configuration admin endpoint. Impact: arbitrary code execution; exploitation status is not provided in the do...
CVE-2018-14415
An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen...