VYPR

idcCMS

by idcCMS

CVEs (60)

  • CVE-2024-36548HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del

  • CVE-2024-36547HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add

  • CVE-2024-35559HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close.

  • CVE-2024-35558HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=rev&nohrefStr=close.

  • CVE-2024-35556HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet.

  • CVE-2024-35552HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN.

  • CVE-2024-35108HigMay 15, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.

  • CVE-2024-35010HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6.

  • CVE-2024-35009HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.

  • CVE-2024-35553HigMay 22, 2024
    risk 0.54cvss 8.3epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=add&nohrefStr=close.

  • CVE-2024-33830HigMay 6, 2024
    risk 0.53cvss 8.1epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.

  • CVE-2022-27333HigMar 21, 2022
    risk 0.49cvss 7.5epss 0.01

    idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data.

  • CVE-2024-39155MedJun 27, 2024
    risk 0.44cvss 6.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add.

  • CVE-2024-34958MedMay 16, 2024
    risk 0.42cvss 6.5epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add

  • CVE-2024-35109MedMay 15, 2024
    risk 0.42cvss 6.5epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.

  • CVE-2024-40328MedJul 10, 2024
    risk 0.41cvss 6.3epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6

  • CVE-2024-39020MedJul 5, 2024
    risk 0.41cvss 6.3epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=close

  • CVE-2024-35555MedMay 22, 2024
    risk 0.41cvss 6.3epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40.

  • CVE-2024-35550MedMay 22, 2024
    risk 0.41cvss 6.3epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev.

  • CVE-2024-35012MedMay 14, 2024
    risk 0.41cvss 6.3epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.