Icms
by Idreamsoft
CVEs (51)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-8902 | | | 0.00 | — | 0.00 | | Feb 18, 2019 | An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI. |
| CVE-2019-7236 | | | 0.00 | — | 0.02 | | Jan 30, 2019 | An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal. |
| CVE-2019-7237 | | | 0.00 | — | 0.02 | | Jan 30, 2019 | An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal. |
| CVE-2019-7235 | | | 0.00 | — | 0.02 | | Jan 30, 2019 | An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request. |
| CVE-2019-7234 | | | 0.00 | — | 0.02 | | Jan 30, 2019 | An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file… |
| CVE-2019-7160 | | | 0.00 | — | 0.03 | | Jan 29, 2019 | idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php. |
| CVE-2019-6259 | | | 0.00 | — | 0.02 | | Jan 14, 2019 | An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter. |
| CVE-2018-18702 | | | 0.00 | — | 0.01 | | Oct 27, 2018 | spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. |
| CVE-2005-4397 | | | 0.00 | — | 0.01 | | Dec 20, 2005 | SQL injection vulnerability in RunScript.asp iCMS allows remote attackers to execute arbitrary SQL commands via the Event_ID parameter. |
| CVE-2005-4396 | | | 0.00 | — | 0.01 | | Dec 20, 2005 | Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources. |
| CVE-2005-3574 | | | 0.00 | — | 0.01 | | Nov 16, 2005 | PHP file inclusion vulnerability in index.php of iCMS allows remote attackers to include arbitrary files via the page parameter. |
Page 3 of 3