Lucene search
K
IdreamsoftIcms

30 matches found

CVE
CVE
added 2019/09/21 7:51 p.m.80 views

CVE-2019-16677

CVE-2019-16677 affects idreamsoft iCMS 7.0; the vulnerability is a CSRF flaw in admincp.php?app=members&do=del. The connected records corroborate a CSRF issue but do not provide exploit details, affected versions beyond iCMS V7.0, or remediation steps. MITRE/ATT&CK mappings are not specified in t...

6.5CVSS6.4AI score0.00472EPSS
CVE
CVE
added 2021/05/28 7:58 p.m.71 views

CVE-2020-26641

CVE-2020-26641: CSRF vulnerability in iCMS 7.0.16 could allow an attacker to execute arbitrary web scripts. The connected sources confirm iCMS 7.0.16 is affected; no remediation details are provided in these documents. Exploitation status, affected versions beyond 7.0.16, and fixes are not specif...

8.8CVSS8.8AI score0.00518EPSS
CVE
CVE
added 2019/10/14 3:47 p.m.64 views

CVE-2019-17583

This CVE affects idreamsoft iCMS 7.0.15 . The vulnerability is a Denial of Service via a crafted request that abuses the comment query in admincp.php (app=comment&perpage=...), causing resource consumption when querying many comments. Root cause is not explicitly detailed beyond a large positive ...

7.5CVSS7.4AI score0.01259EPSS
CVE
CVE
added 2021/04/29 11:28 p.m.61 views

CVE-2020-18070

CVE-2020-18070 : In iCMS v7.0.13, a path traversal vulnerability in the PHP component database.admincp.php lets remote attackers delete folders by injecting commands in a crafted HTTP request to the do_del() method. Impact per CVSS indicates high integrity and availability impact (I/H, A/H) with ...

9.1CVSS9AI score0.02218EPSS
CVE
CVE
added 2019/02/18 2:0 p.m.56 views

CVE-2019-8902

idreamsoft iCMS

5.7CVSS5.6AI score0.00381EPSS
Web
CVE
CVE
added 2019/01/29 4:0 p.m.54 views

CVE-2019-7160

CVE-2019-7160 affects idreamsoft iCMS 7.0.13. The vulnerability is a Directory Traversal in which an attacker can reach admincp.php?app=files with the udir parameter and files.admincp.php, enabling arbitrary PHP code execution from a ZIP file passed via admincp.php?app=apps with the zipfile param...

9.8CVSS9.4AI score0.03354EPSS
CVE
CVE
added 2022/02/04 3:35 p.m.54 views

CVE-2021-44977

The CVE-2021-44977 entry concerns iCMS versions up to and including 8.0.0, where a directory traversal flaw allows an attacker to read arbitrary files. The vulnerability stems from an issue in iCMS that enables traversal of the server’s file system, potentially exposing sensitive data. No explici...

7.5CVSS7.4AI score0.01607EPSS
CVE
CVE
added 2022/02/04 3:29 p.m.52 views

CVE-2021-44978

Summary: CVE-2021-44978 affects iCMS

9.8CVSS9.7AI score0.02166EPSS
CVE
CVE
added 2023/08/10 12:0 a.m.52 views

CVE-2023-39805

CVE-2023-39805 affects iCMS v7.0.16, with a SQL injection vulnerability in the where parameter of admincp.php. The issue is documented across multiple feeds; the NVD entry lists a CVSS v3.1 base score of 9.8 (CRITICAL), indicating high impact on confidentiality, integrity, and availability. The r...

9.8CVSS9.7AI score0.00593EPSS
CVE
CVE
added 2023/09/08 12:0 a.m.49 views

CVE-2023-40953

Affected software: iCMS 7.0.16. Vulnerability: Cross-Site Request Forgery (CSRF). Root cause (per sources): do_save() does not adequately verify that a request originates from a trusted user. Impact (as described): an attacker could forge a malicious request and trick a logged-in user into perfor...

8.8CVSS8.7AI score0.00236EPSS
CVE
CVE
added 2019/04/21 9:35 p.m.48 views

CVE-2019-11427

The CVE-2019-11427 entry concerns an XSS vulnerability in idreamsoft iCMS 7.0.14, exploitable via the public/api.php?app=search&q parameter within the file app/search/search.app.php. Connected sources consistently describe the issue as a Cross-Site Scripting vulnerability in iCMS 7.0.14, with no ...

6.1CVSS5.9AI score0.00826EPSS
Web
CVE
CVE
added 2019/01/30 9:0 p.m.48 views

CVE-2019-7235

The CVE-2019-7235 entry concerns idreamsoft iCMS 7.0.13. A directory traversal flaw exists in admincp.php?app=apps&do=save that can be triggered through _app=/../ to designate an arbitrary directory; this path can then be deleted via an admincp.php?app=apps&do=uninstall request. The connected doc...

7.5CVSS7.5AI score0.02476EPSS
CVE
CVE
added 2023/08/10 12:0 a.m.48 views

CVE-2023-39806

CVE-2023-39806 affects iCMS v7.0.16 with a SQL injection vulnerability in the bakupdata function. Reported in multiple sources, it yields a high/critical impact (CVSS v3.1: 9.8) via network access and no privileges required. The vulnerability concerns the bakupdata function, enabling potential SQ...

9.8CVSS9.8AI score0.00593EPSS
CVE
CVE
added 2019/10/14 12:32 p.m.47 views

CVE-2019-17552

Concrete details found: CVE-2019-17552 affects idreamsoft iCMS v7.0.14. The vulnerability is a SQL injection in spider_project.admincp.php during the 'upload spider project scheme' feature, exploitable via a two-dimensional payload. The issue is documented across multiple sources (NVD, Red Hat, C...

9.8CVSS9.7AI score0.01095EPSS
CVE
CVE
added 2020/12/10 9:7 p.m.47 views

CVE-2020-19142

The CVE-2020-19142 entry describes a vulnerability in iCMS 7 where an attacker can execute arbitrary OS commands by injecting shell metacharacters into the DB_PREFIX parameter used by install/install.php. The issue permits unauthenticated remote command execution with high to critical impact (as ...

10CVSS9.7AI score0.01534EPSS
Web
CVE
CVE
added 2022/10/13 12:0 a.m.46 views

CVE-2022-41496

CVE-2022-41496 affects iCMS v7.0.16 with a Server-Side Request Forgery (SSRF) via the url parameter in admincp.php. CVSSv3.1 base score 9.8 (CRITICAL) — network access, no user interaction required. Connected documents confirm the SSRF issue; PT-2022 offers a workaround: avoid or restrict the url...

9.8CVSS9.5AI score0.0089EPSS
CVE
CVE
added 2018/09/02 3:0 a.m.43 views

CVE-2018-16332

CVE-2018-16332 affects iCMS 7.0.9 with a CSRF vulnerability in admincp.php?app=article&do=update. Connected sources describe an attack enabling remote exploitation to coerce administrators to review/approve articles; CVSS3 base score 8.8 (HIGH) with network attack vector, user interaction require...

8.8CVSS8.6AI score0.00614EPSS
CVE
CVE
added 2019/04/21 9:35 p.m.43 views

CVE-2019-11426

CVE-2019-11426 is an XSS vulnerability affecting idreamsoft iCMS 7.0.14, exploitable via the admincp.php?app=config tab parameter in app/admincp/template/admincp.header.php. The issue is documented across multiple connected sources (NVD/Red Hat/EUVD/CVE listings) with CVSS metadata indicating MED...

6.1CVSS5.9AI score0.00826EPSS
Web
CVE
CVE
added 2020/12/10 9:6 p.m.43 views

CVE-2020-19527

CVE-2020-19527 affects iCMS 7.0.14. An attacker can execute arbitrary OS commands by injecting shell metacharacters into the DB_NAME parameter in install/install.php. Documented impact is critical (C/H/I/A) with network attack vector and no user interaction. No remediation/version details are pro...

10CVSS9.7AI score0.01534EPSS
Web
CVE
CVE
added 2019/01/30 9:0 p.m.42 views

CVE-2019-7234

The CVE-2019-7234 entry affects idreamsoft iCMS 7.0.13. The vulnerability stems from an error in admincp.php?app=apps&do=save (via _app=/../ in apps.admincp.php) that enables directory traversal, permitting creation of a ZIP archive containing contents of an arbitrary directory, which can then be...

9.1CVSS8.9AI score0.02231EPSS
CVE
CVE
added 2018/09/02 10:0 p.m.41 views

CVE-2018-16365

CVE-2018-16365 : In idreamsoft iCMS v7.0.10, the admincp.php?app=group&do=save endpoint is vulnerable to Cross-Site Request Forgery (CSRF). The CNVD entry notes this CSRF can be exploited to add an administrator account, indicating a real impact vector affecting CMS login/privilege management. Af...

8.8CVSS8.6AI score0.00614EPSS
CVE
CVE
added 2019/01/30 9:0 p.m.41 views

CVE-2019-7236

The CVE-2019-7236 issue affects idreamsoft iCMS 7.0.13 . The vulnerability is a directory traversal in the file editor/editor.admincp.php, exploitable via a payload that manipulates dir=../ to view files outside the intended directory. Core description in CNVD-2019-12125 confirms the vulnerabilit...

7.5CVSS7.5AI score0.02247EPSS
Web
CVE
CVE
added 2018/07/10 8:0 p.m.40 views

CVE-2018-13865

The CVE concerns idreamsoft iCMS 7.0.9. A cross-site scripting (XSS) flaw exists via the callback parameter in the public/api.php uploadpic endpoint, which bypasses the iWAF protection mechanism. This configuration allows arbitrary script execution in contexts relying on the affected API. No expl...

6.1CVSS5.9AI score0.01032EPSS
Web
CVE
CVE
added 2018/09/02 10:0 p.m.39 views

CVE-2018-16366

CVE-2018-16366 affects idreamsoft iCMS v7.0.10. The connected documents confirm a Cross-Site Request Forgery (CSRF) in admincp.php?app=user&do=save, enabling an attacker to perform privileged actions. One CNVD record notes an exploit path where a remote attacker could add an administrator account...

8.8CVSS8.6AI score0.00614EPSS
CVE
CVE
added 2018/09/01 6:0 p.m.38 views

CVE-2018-16320

CVE-2018-16320 affects idreamsoft iCMS 7.0.11. A directory traversal flaw in admincp.php?app=config enables arbitrary PHP code execution from a ZIP file. Root cause: path traversal in the configuration admin endpoint. Impact: arbitrary code execution; exploitation status is not provided in the do...

7.2CVSS7.2AI score0.02435EPSS
CVE
CVE
added 2019/01/30 9:0 p.m.38 views

CVE-2019-7237

CVE-2019-7237 affects idreamsoft iCMS 7.0.13 on Windows. The vulnerability is a Directory Traversal in editor/editor.admincp.php, exploitable via a crafted path (admincp.php?app=files&do=browse ..) to view files outside the intended directory. CNVD/CNVD-2019-12124 and CNVD entries describe the sa...

7.5CVSS7.5AI score0.02247EPSS
Web
CVE
CVE
added 2020/09/10 1:17 p.m.36 views

CVE-2020-24739

CVE-2020-24739 describes a CSRF flaw in iCMS v7.0.0 where, if the CSRF_TOKEN is missing, a background deletion action can delete all administrator accounts except the initial admin. This vulnerability is documented by multiple sources (Red Hat, CNVD, NVD, CVE lists) with the same basic descriptio...

6.5CVSS6.5AI score0.00402EPSS
CVE
CVE
added 2021/11/12 9:57 p.m.34 views

CVE-2020-21141

CVE-2020-21141 affects iCMS v7.0.15 and is a Cross‑Site Request Forgery (CSRF) vulnerability exploitable via /admincp.php?app=members&do=add. The linked documents confirm the component (iCMS), version (7.0.15), and the attack class (CSRF) without specifying exploit details. NVD CVSS data indicate...

8.8CVSS8.8AI score0.00537EPSS
CVE
CVE
added 2026/03/24 12:0 a.m.16 views

CVE-2026-30661

CVE-2026-30661 affects iCMS v8.0.0 in the User Management component (index.html). The vulnerability is a Cross-Site Scripting (XSS) flaw that allows an attacker to inject arbitrary web script or HTML via the regip or loginip parameters. The provided documents do not specify exploit details, affec...

6.1CVSS6.1AI score0.00205EPSS
CVE
CVE
added 2025/12/31 7:2 p.m.14 views

CVE-2025-15394

CVE-2025-15394 affects iCMS up to version 8.0.0. The vulnerability resides in the Save function of app/config/ConfigAdmincp.php (POST Parameter Handler). Manipulating the config argument results in code injection. The issue can be exploited remotely, and public exploit code is available. Multiple...

7.2CVSS6.7AI score0.00404EPSS
Web