VYPR

Icms

by Idreamsoft

CVEs (51)

  • CVE-2019-8902 (Feb 18, 2019)
    risk 0.00 | cvss | epss 0.00

    An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.

  • CVE-2019-7236 (Jan 30, 2019)
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal.

  • CVE-2019-7237 (Jan 30, 2019)
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal.

  • CVE-2019-7235 (Jan 30, 2019)
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request.

  • CVE-2019-7234 (Jan 30, 2019)
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file…

  • CVE-2019-7160 (Jan 29, 2019)
    risk 0.00 | cvss | epss 0.03

    idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.

  • CVE-2019-6259 (Jan 14, 2019)
    risk 0.00 | cvss | epss 0.02

    An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.

  • CVE-2018-18702 (Oct 27, 2018)
    risk 0.00 | cvss | epss 0.01

    spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.

  • CVE-2005-4397 (Dec 20, 2005)
    risk 0.00 | cvss | epss 0.01

    SQL injection vulnerability in RunScript.asp iCMS allows remote attackers to execute arbitrary SQL commands via the Event_ID parameter.

  • CVE-2005-4396 (Dec 20, 2005)
    risk 0.00 | cvss | epss 0.01

    Cross-site scripting (XSS) vulnerability in admin/Default.asp in iCMS allows remote attackers to inject arbitrary web script or HTML via the LoginMSG parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from third party sources.

  • CVE-2005-3574 (Nov 16, 2005)
    risk 0.00 | cvss | epss 0.01

    PHP file inclusion vulnerability in index.php of iCMS allows remote attackers to include arbitrary files via the page parameter.
