Icms@7.0.11 Security Vulnerabilities and Issues — Icms@7.0.11 CVE List

Lucene search

IcmsdevIcms7.0.11

2 matches found

CVE•added 2018/10/29 12:29 p.m.•30 views

CVE-2018-18702

spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.

9.8CVSS9.8AI score0.00264EPSS

CVE•added 2018/09/01 6:29 p.m.•23 views

CVE-2018-16314

An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.

8.8CVSS8.6AI score0.00145EPSS