What is the severity of CVE-2019-7234?

The severity of CVE-2019-7234 is critical with a CVSS score of 9.1.

What is the vulnerability in idreamsoft iCMS 7.0.13?

The vulnerability in idreamsoft iCMS 7.0.13 is directory traversal via admincp.php?app=apps&do=save.

How does the vulnerability in idreamsoft iCMS 7.0.13 work?

The vulnerability in idreamsoft iCMS 7.0.13 allows directory traversal by using _app=/../ in the admincp.php?app=apps&do=save URL, leading to the creation and download of a ZIP archive file with the contents of any directory.

How can I fix the vulnerability in idreamsoft iCMS 7.0.13?

To fix the vulnerability in idreamsoft iCMS 7.0.13, update to a version that has addressed the directory traversal issue.

Where can I find more information about CVE-2019-7234?

You can find more information about CVE-2019-7234 at the following link: https://github.com/idreamsoft/iCMS/issues/51

Vulnerability/
CVE-2019-7234

critical

9.1

CWE

30/1/2019

21/11/2024

CVE-2019-7234: Path Traversal

First published: Wed Jan 30 2019(Updated: )

An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
iCMS	=7.0.13

Never miss a vulnerability like this again

Reference Links

https://github.com/idreamsoft/iCMS/issues/51

Frequently Asked Questions

What is the severity of CVE-2019-7234?
The severity of CVE-2019-7234 is critical with a CVSS score of 9.1.
What is the vulnerability in idreamsoft iCMS 7.0.13?
The vulnerability in idreamsoft iCMS 7.0.13 is directory traversal via admincp.php?app=apps&do=save.
How does the vulnerability in idreamsoft iCMS 7.0.13 work?
The vulnerability in idreamsoft iCMS 7.0.13 allows directory traversal by using _app=/../ in the admincp.php?app=apps&do=save URL, leading to the creation and download of a ZIP archive file with the contents of any directory.
How can I fix the vulnerability in idreamsoft iCMS 7.0.13?
To fix the vulnerability in idreamsoft iCMS 7.0.13, update to a version that has addressed the directory traversal issue.
Where can I find more information about CVE-2019-7234?
You can find more information about CVE-2019-7234 at the following link: https://github.com/idreamsoft/iCMS/issues/51

agent/type
collector/mitre-cve
source/MITRE
agent/severity
agent/weakness
agent/description
agent/first-publish-date
agent/references
agent/author
agent/last-modified-date
agent/softwarecombine
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-api
source/NVD
agent/software-canonical-lookup
vendor/idreamsoft
canonical/icms
version/icms/7.0.13

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.