Lucene search
K

8 matches found

Prion
Prion
added 2018/09/01 6:29 p.m.14 views

Directory traversal

idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file...

6.5CVSS7.2AI score0.02435EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/09/01 6:29 p.m.16 views

CVE-2018-16320

idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file...

7.2CVSS7.2AI score0.02435EPSS
Exploits0References1
Prion
Prion
added 2018/09/01 6:29 p.m.14 views

Crlf injection

An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRFTOKEN, if CSRFTOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header...

6.8CVSS8.6AI score0.00664EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2018/09/01 6:0 p.m.36 views

CVE-2018-16314

The CVE-2018-16314 issue affects idreamsoft iCMS 7.0.11, specifically the admincp.php CSRF verification. If CSRF_TOKEN is absent, the system validates only the Referer header, which can be bypassed via a substring in admincp.php within that header. This describes a CSRF protection bypass vulnerab...

8.8CVSS8.6AI score0.00664EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/09/01 6:0 p.m.18 views

CVE-2018-16320

idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file...

7.2AI score0.02435EPSS
Exploits0References1
Prion
Prion
added 2018/08/27 4:29 a.m.19 views

Server side request forgery (ssrf)

An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spidertools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an...

5CVSS7.7AI score0.01489EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2018/08/27 4:29 a.m.19 views

CVE-2018-15895

An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spidertools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an...

7.5CVSS7.7AI score0.01489EPSS
Exploits1References1
CVE
CVE
added 2018/08/27 4:0 a.m.43 views

CVE-2018-15895

CVE-2018-15895 affects idreamsoft iCMS 7.0.11. The vulnerability is an SSRF in the remote function at app/spider/spider_tools.class.php that does not block DNS hostnames tied to private/reserved IPs (e.g., 127.0.0.1), allowing requests to internal addresses. Root cause notes link to an incomplete...

7.5CVSS7.7AI score0.01489EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder