Icms Security Vulnerabilities and Issues — Icms CVE List

Lucene search

IcmsdevIcms

5 matches found

CVE•added 2018/04/16 9:58 a.m.•34 views

CVE-2018-10117

An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.

8.8CVSS8.6AI score0.00122EPSS

CVE•added 2023/09/20 9:15 p.m.•33 views

CVE-2023-42321

Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.

8.8CVSS9AI score0.00846EPSS

CVE•added 2018/04/19 8:29 a.m.•30 views

CVE-2018-10222

An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.

8.8CVSS8.6AI score0.00145EPSS

CVE•added 2018/04/10 6:29 a.m.•28 views

CVE-2018-9923

An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request.

8.8CVSS8.6AI score0.00145EPSS

CVE•added 2018/09/01 6:29 p.m.•23 views

CVE-2018-16314

An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.

8.8CVSS8.6AI score0.00145EPSS