9 matches found
CVE-2018-10250
iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixincategory action, aka a WeChat Classified Management keyword search...
CVE-2018-12498
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php...
Sql injection
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php...
CVE-2018-12498
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php...
CVE-2018-12498
CVE-2018-12498 affects iCMS v7.0.8. The flaw is a SQL injection in spider.admincp.php triggered by the id parameter in an app=spider&do=batch request to admincp.php, enabling arbitrary SQL execution through that parameter. The root cause is improper handling/validation of user-supplied input in t...
Design/Logic Flaw
iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixincategory action, aka a WeChat Classified Management keyword search...
CVE-2018-10250
iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixincategory action, aka a WeChat Classified Management keyword search...
CVE-2018-10250
iCMS v7.0.8 contains a Cross-Site Scripting (XSS) vulnerability in the weixin_category action, exploited via the admincp.php keywords parameter. The issue arises from insufficient sanitization of the keywords input, enabling injection of arbitrary script/HTML when interacting with the WeChat Clas...
CVE-2018-10250
iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixincategory action, aka a WeChat Classified Management keyword search...