VYPR
High severity · 8.8 · NVD Advisory · Published Sep 1, 2018 · Updated Jun 17, 2026

CVE-2018-16314

Description

An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.
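
The flawed fallback described above, next to a stricter check, as an added PHP example (not iCMS source code; the function names, the expected host and the sample request are constructed for illustration):

```php
<?php
// Added illustration with hypothetical helper names; not taken from iCMS.

// Flawed pattern from the description: when no token is submitted, fall back
// to a substring test on the client-supplied Referer header.
function csrf_check_flawed(array $post, array $server, string $sessionToken): bool
{
    if (isset($post['CSRF_TOKEN'])) {
        return hash_equals($sessionToken, (string) $post['CSRF_TOKEN']);
    }
    $referer = $server['HTTP_REFERER'] ?? '';
    return strpos($referer, 'admincp.php') !== false; // matches any origin
}

// Hardened pattern: the token is mandatory; a missing or empty token fails
// closed and the Referer is never accepted as a substitute.
function csrf_check_strict(array $post, string $sessionToken): bool
{
    $token = $post['CSRF_TOKEN'] ?? null;
    if (!is_string($token) || $token === '' || $sessionToken === '') {
        return false;
    }
    return hash_equals($sessionToken, $token);
}

// Optional defence in depth: compare the parsed Referer host exactly,
// instead of searching the raw header for a file name.
function referer_is_same_origin(array $server, string $expectedHost): bool
{
    $host = parse_url($server['HTTP_REFERER'] ?? '', PHP_URL_HOST);
    return is_string($host) && strcasecmp($host, $expectedHost) === 0;
}

// Constructed sample request: no CSRF_TOKEN field, and a Referer from a
// different origin whose path happens to contain "admincp.php".
$post         = ['action' => 'save'];
$server       = ['HTTP_REFERER' => 'https://other-origin.example/admincp.php'];
$sessionToken = bin2hex(random_bytes(16));
$expectedHost = 'cms.example'; // assumed host of the admin panel

var_dump(csrf_check_flawed($post, $server, $sessionToken));
var_dump(csrf_check_strict($post, $sessionToken));
var_dump(referer_is_same_origin($server, $expectedHost));
```

Only the flawed check accepts the token-less request; the strict check and the exact host comparison both reject it.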

Affected products

  • Idreamsoft/Icms (inferred), 2 versions
    • (no CPE) range: = 7.0.11
    • (no CPE) range: = 7.0.11
