404 matches found
CVE-2026-4320
Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process, causing the script to continue running and enabling privilege escalation without the need for...
CVE-2026-4320 Authorization Bypass in ICMS Content Management by Creartia Internet Consulting
Authorization Bypass vulnerability in Creartia's ICMS software could allow an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers of the login process, causing the script to continue running and enabling privilege escalation without the need for...
CVE-2026-4320
CVE-2026-4320 involves an authorization bypass in Creartia’s ICMS software. The flaw allows an attacker to gain unauthorized access to protected features by manipulating the HTTP redirect headers during the login process, causing the script to continue running and enabling privilege escalation wi...
CVE-2026-30661
iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regip or loginip parameters...
iCMS Security Vulnerability
iCMS is a software application. It is a highly efficient and concise content management system built using PHP and MySQL. The iCMS v8.0.0 version has a security vulnerability, which stems from improper handling of the regip or loginip parameters by the user management component. This may lead to...
CVE-2026-30661
CVE-2026-30661 affects iCMS v8.0.0 in the User Management component (index.html). The vulnerability is a Cross-Site Scripting (XSS) flaw that allows an attacker to inject arbitrary web script or HTML via the regip or loginip parameters. The provided documents do not specify exploit details, affec...
CVE-2023-40953
iCMS 7.0.16 is vulnerable to Cross-Site Request Forgery (CSRF)...
CVE-2018-12498
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider=batch request to admincp.php...
CVE-2018-10250
iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixincategory action, aka a WeChat Classified Management keyword search...
CVE-2018-10117
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members=save=iPHP...
CVE-2019-11426
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter...
CVE-2020-24739
A CSRF vulnerability was found in iCMS v7.0.0 in the background administrator account deletion function. When the CSRFTOKEN is missing, the request is still processed normally, and all administrators except the initial administrator will be deleted...
CVE-2025-15394
A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and m...
EUVD-2025-206086
A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and m...
CVE-2025-15394 iCMS POST Parameter ConfigAdmincp.php save code injection
A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and m...