Icms Security Vulnerabilities and Issues — Icms CVE List

Lucene search

IcmsdevIcms

7 matches found

CVE•added 2018/04/10 6:29 a.m.•38 views

CVE-2018-9924

An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request.

9.8CVSS9.8AI score0.00264EPSS

CVE•added 2018/04/16 9:58 a.m.•34 views

CVE-2018-10117

An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.

8.8CVSS8.6AI score0.00122EPSS

CVE•added 2018/04/10 6:29 a.m.•34 views

CVE-2018-9925

An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request.

5.4CVSS5.2AI score0.00206EPSS

CVE•added 2018/04/19 8:29 a.m.•30 views

CVE-2018-10222

An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.

8.8CVSS8.6AI score0.00145EPSS

CVE•added 2018/04/20 6:29 p.m.•30 views

CVE-2018-10250

iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.

5.4CVSS5.2AI score0.00206EPSS

CVE•added 2018/04/10 6:29 a.m.•30 views

CVE-2018-9922

An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname.

5.3CVSS5.3AI score0.00232EPSS

CVE•added 2018/04/10 6:29 a.m.•28 views

CVE-2018-9923

An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request.

8.8CVSS8.6AI score0.00145EPSS