6 matches found
EUVD-2018-10418
Malware in sbrugna...
CVE-2023-42321
Cross Site Request Forgery CSRF vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files...
CVE-2020-24739
A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRFTOKEN and can still request normally, all administrators except the initial administrator will be deleted...
CVE-2018-12498
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php...
CVE-2018-10117
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP...
SQL Injection Vulnerability in iCMS v7.0.7 apps.admincp.php Page
iCMS is a free, clean, efficient, and useful PHP content management system. iCMS v7.0.7 has a SQL injection vulnerability in the apps.admincp.php page. The vulnerability stems from the orderby parameter being brought into the database for execution without any processing. An attacker can exploit...