Product:

Icms

(Icmsdev)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 18
Date Id Summary Products Score Patch Annotated
2018-08-27 CVE-2018-15895 An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858. Icms 7.5
2018-08-02 CVE-2018-14858 An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514. Icms 7.5
2018-07-23 CVE-2018-14514 An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. Icms 9.8
2018-07-19 CVE-2018-14415 An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen. Icms 6.1
2018-06-15 CVE-2018-12498 spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php. Icms 9.8
2018-04-20 CVE-2018-10250 iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search. Icms 5.4
2018-04-19 CVE-2018-10222 An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP. Icms 8.8
2018-04-16 CVE-2018-10117 An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP. Icms 8.8