10 matches found
CVE-2020-19527
iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DBNAME parameter to install/install.php...
CVE-2020-19527
iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DBNAME parameter to install/install.php...
CVE-2020-19527
iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DBNAME parameter to install/install.php...
Design/Logic Flaw
iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DBNAME parameter to install/install.php...
CVE-2020-19527
CVE-2020-19527 affects iCMS 7.0.14. An attacker can execute arbitrary OS commands by injecting shell metacharacters into the DB_NAME parameter in install/install.php. Documented impact is critical (C/H/I/A) with network attack vector and no user interaction. No remediation/version details are pro...
CVE-2020-19527
iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DBNAME parameter to install/install.php...
CVE-2019-11427
An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter...
Cross site scripting
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter...
Cross site scripting
An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter...
CVE-2019-11427
The CVE-2019-11427 entry concerns an XSS vulnerability in idreamsoft iCMS 7.0.14, exploitable via the public/api.php?app=search&q parameter within the file app/search/search.app.php. Connected sources consistently describe the issue as a Cross-Site Scripting vulnerability in iCMS 7.0.14, with no ...