Latest idreamsoft icms Vulnerabilities

CVE-2023-40953
icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).
idreamsoft iCMS=7.0.16
CVE-2023-39805
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.
idreamsoft iCMS=7.0.16
CVE-2023-39806
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.
idreamsoft iCMS=7.0.16
CVE-2022-41496
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.
idreamsoft iCMS=7.0.16
CVE-2021-44978
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.
idreamsoft iCMS<=8.0.0
CVE-2021-44977
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.
idreamsoft iCMS<=8.0.0
CVE-2020-21141
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.
idreamsoft iCMS=7.0.15
CVE-2020-26641
A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.
idreamsoft iCMS=7.0.16
CVE-2020-18070
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php".
idreamsoft iCMS=7.0.13
CVE-2020-19142
iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.
idreamsoft iCMS=7.0.0
CVE-2020-19527
iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.
idreamsoft iCMS=7.0.14
CVE-2020-24739
A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial admini...
idreamsoft iCMS=7.0.0
CVE-2019-17583
idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring foll...
idreamsoft iCMS=7.0.15
CVE-2019-17552
An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload.
idreamsoft iCMS=7.0.14
CVE-2019-16677
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
idreamsoft iCMS=7.0.0
CVE-2019-11427
An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter.
idreamsoft iCMS=7.0.14
CVE-2019-11426
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter.
idreamsoft iCMS=7.0.14
CVE-2019-8902
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
idreamsoft iCMS<=7.0.14
CVE-2019-7237
An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal.
idreamsoft iCMS=7.0.13
Microsoft Windows
CVE-2019-7235
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This ...
idreamsoft iCMS=7.0.13
CVE-2019-7236
idreamsoft iCMS=7.0.13
CVE-2019-7234
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents ...
idreamsoft iCMS=7.0.13
CVE-2019-7160
idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.ph...
idreamsoft iCMS=7.0.13
CVE-2018-16366
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF.
idreamsoft iCMS=7.0.10
CVE-2018-16365
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF.
idreamsoft iCMS=7.0.10
CVE-2018-16320
idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file.
idreamsoft iCMS=7.0.11
CVE-2018-13865
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism.
idreamsoft iCMS=7.0.9

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203