CVSS 8.8 | AI Score 8.7 | EPSS 0.001
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at...
CVSS 9.8 | AI Score 9.7 | EPSS 0.001
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata...
CVSS 9.8 | AI Score 9.8 | EPSS 0.001
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at...
CVSS 9.8 | AI Score 9.5 | EPSS 0.003
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection...
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user...
CVSS 5.7 | AI Score 5.6 | EPSS 0.001
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
iCMS <= 8.0.0 allows users to add and render a custom template, which has an SSTI vulnerability that leads to remote code...
CVSS 9.8 | AI Score 9.7 | EPSS 0.007
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web...
CVSS 8.8 | AI Score 8.8 | EPSS 0.001
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component...
CVSS 9.1 | AI Score 9 | EPSS 0.003
iCMS 7 allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to...
CVSS 9.8 | AI Score 9.7 | EPSS 0.004
iCMS 7.0.14 allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to...
CVSS 9.8 | AI Score 9.7 | EPSS 0.004
A CSRF vulnerability was found in iCMS v7.0.0 in the background function that deletes administrator accounts. A request that lacks the CSRF_TOKEN is still processed normally, and all administrators except the initial administrator will be...
CVSS 6.5 | AI Score 6.5 | EPSS 0.001
idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive...
CVSS 7.5 | AI Score 7.4 | EPSS 0.002
An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional...
CVSS 9.8 | AI Score 9.7 | EPSS 0.002
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows...
CVSS 6.5 | AI Score 6.4 | EPSS 0.001
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab...
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q...
CVSS 6.1 | AI Score 5.9 | EPSS 0.001
An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory...
CVSS 7.5 | AI Score 7.5 | EPSS 0.009
An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory...
CVSS 7.5 | AI Score 7.5 | EPSS 0.009
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be...
CVSS 9.1 | AI Score 8.9 | EPSS 0.004
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall...
CVSS 7.5 | AI Score 7.5 | EPSS 0.001
idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to...
CVSS 9.8 | AI Score 9.4 | EPSS 0.005
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows...
CVSS 8.8 | AI Score 8.6 | EPSS 0.001
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows...
CVSS 8.8 | AI Score 8.6 | EPSS 0.001
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF...
CVSS 8.8 | AI Score 8.6 | EPSS 0.001
idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP...
CVSS 7.2 | AI Score 7.2 | EPSS 0.001