Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Icms
(Idreamsoft)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 28 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2019-01-29 | CVE-2019-7160 | idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php. | Icms | 9.8 | ||
2019-04-22 | CVE-2019-11427 | An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter. | Icms | 6.1 | ||
2019-04-22 | CVE-2019-11426 | An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter. | Icms | 6.1 | ||
2018-09-02 | CVE-2018-16366 | An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. | Icms | 8.8 | ||
2018-09-02 | CVE-2018-16365 | An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. | Icms | 8.8 | ||
2018-09-02 | CVE-2018-16332 | An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. | Icms | 8.8 | ||
2018-09-01 | CVE-2018-16320 | idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. | Icms | 7.2 | ||
2018-07-10 | CVE-2018-13865 | An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism. | Icms | 6.1 |