Cross-site scripting
An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen...
CVE-2018-14415
An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen...
SQL injection
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php...
CVE-2018-12498
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php...
CVE-2018-12498
CVE-2018-12498 affects iCMS v7.0.8. The flaw is a SQL injection in spider.admincp.php triggered by the id parameter in an app=spider&do=batch request to admincp.php, enabling arbitrary SQL execution through that parameter. The root cause is improper handling/validation of user-supplied input in t...
CVE-2018-10250
iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixincategory action, aka a WeChat Classified Management keyword search...
CVE-2018-10250
iCMS v7.0.8 contains a Cross-Site Scripting (XSS) vulnerability in the weixin_category action, exploited via the admincp.php keywords parameter. The issue arises from insufficient sanitization of the keywords input, enabling injection of arbitrary script/HTML when interacting with the WeChat Clas...
CVE-2018-10222
An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=articlecategory&do=save&frame=iPHP...
CVE-2018-10117
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP...
SQL injection
An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request...
Cross-site request forgery (CSRF)
An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request...
CVE-2018-9924
An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request...
CVE-2018-9923
An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request...
CVE-2018-9923
CVE-2018-9923 affects idreamsoft iCMS up to version 7.0.7. The vulnerability is a CSRF in admincp.php that allows an attacker to add an article by sending a crafted request such as app=article&do=save&frame=iPHP. This is described in multiple sources (NVD/NVD mirror and CVE records) and is action...
CVE-2018-9924
CVE-2018-9924 affects idreamsoft iCMS up to version 7.0.7. The vulnerability is a SQL injection via the pid array parameter in admincp.php?app=tag&do=save&frame=iPHP. Exploitation details are not provided beyond the description; the CVSS metrics in the entry indicate high/critical impact (CRITICA...
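Discuz 7.2 admincp.php reflected XSS vulnerability
Vulnerability description: A single issue in the Discuz! 7.X series causes widespread XSS; essentially all pages and files can trigger it. Discuz! 7.2, 7.1 and 7.0 are all affected. Vulnerability analysis: Discuz! 7.2 is used for the analysis here. For example, the second file in the Discuz! 7.2 installation package is ajax.php; note the showmessage function on the last line, and follow it into the file include/global.func.php...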
RoseOnlineCMS <= 3 B1 (admin) Local File Inclusion
The vulnerability is in modules/admincp.php Click here to go back home'; obendflush; ? $admin is taken directly via GET without any filtering and is then passed straight to include, so in the case of PHP5.3 a %00 truncation can be used to achieve arbitrary file inclusion payload http://0.0.0.0/modules/admincp.php?admin=LFI%00 '/ -.- --------------------oOO------OOo------------------- | RoseOnlineCMS = 3 B1 admin Local Fil...
ABCMS news publishing system vulnerabilities and fixes-vulnerability warning-the black bar safety net
// APP/Controller/Admincp.php function actionliulan //Administrator information $nowindex = $GET'page' ? $GET'page' :1; //Get the data query from the first few bars begin to take the data $page = $GET'page' ? $GET'page'-16 : 0; //Query the data $liulan = $this-admin-findAll",'id desc',array6,$pag...