3 matches found
CVE-2005-3574
CVE-2005-3574 affects iCMS (PHP) via index.php. The vulnerability allows remote attackers to include arbitrary files through the page parameter, enabling a network-based attack with no authentication. The CVSSv2 base metrics in the provided data indicate a MEDIUM severity, with partial confidenti...
CVE-2005-4396
The CVE-2005-4396 entry describes an XSS vulnerability in iCMS, specifically in the admin/Default.asp page, where an attacker can cause the browser to execute injected script or HTML by supplying the LoginMSG parameter. The vulnerability is confirmed in multiple sources (e.g., NVD) with a CVSS v2...
CVE-2005-4397
CVE-2005-4397 describes an SQL injection vulnerability in iCMS’s RunScript.asp where the Event_ID parameter enables remote attackers to execute arbitrary SQL commands. Public references (OSVDB, Secunia, NVD) list a CVSS v2 base score of 7.5 (HIGH) with network access, no authentication, and parti...