idcCMS

CVEs (59)

CVE	Vendor / Product	CVSS	EPSS	Published	Description
CVE-2024-35556	idcCMS idcCMS	—	0.00	May 22, 2024	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet.
CVE-2024-35554	idcCMS idcCMS	—	0.00	May 22, 2024	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.
CVE-2024-35553	idcCMS idcCMS	—	0.00	May 22, 2024	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=add&nohrefStr=close.
CVE-2024-35552	idcCMS idcCMS	—	0.00	May 22, 2024	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN.
CVE-2024-35551	idcCMS idcCMS	—	0.00	May 22, 2024	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add.
CVE-2024-35550	idcCMS idcCMS	—	0.00	May 22, 2024	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev.
CVE-2024-34957	idcCMS idcCMS	—	0.00	May 16, 2024	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.
CVE-2024-34958	idcCMS idcCMS	—	0.03	May 16, 2024	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add
CVE-2024-35039	idcCMS idcCMS	—	0.00	May 16, 2024	idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.
CVE-2024-35109	idcCMS idcCMS	—	0.00	May 15, 2024	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.
CVE-2024-35108	idcCMS idcCMS	—	0.00	May 15, 2024	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.
CVE-2024-35012	idcCMS idcCMS	—	0.00	May 14, 2024	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.
CVE-2024-35011	idcCMS idcCMS	—	0.00	May 14, 2024	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.
CVE-2024-35010	idcCMS idcCMS	—	0.00	May 14, 2024	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6.
CVE-2024-35009	idcCMS idcCMS	—	0.00	May 14, 2024	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.
CVE-2024-33830	idcCMS idcCMS	—	0.00	May 6, 2024	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.
CVE-2024-33829	idcCMS idcCMS	—	0.00	May 6, 2024	idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.
CVE-2024-4172	idcCMS idcCMS	—	0.00	Apr 25, 2024	A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261991.
CVE-2022-27333	idcCMS idcCMS	—	0.00	Mar 21, 2022	idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data.

CVE-2024-35556May 22, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet.
CVE-2024-35554May 22, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.
CVE-2024-35553May 22, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=add&nohrefStr=close.
CVE-2024-35552May 22, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN.
CVE-2024-35551May 22, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add.
CVE-2024-35550May 22, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev.
CVE-2024-34957May 16, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.
CVE-2024-34958May 16, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.03
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add
CVE-2024-35039May 16, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/tplSys_deal.php?mudi=area.
CVE-2024-35109May 15, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.
CVE-2024-35108May 15, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.
CVE-2024-35012May 14, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.
CVE-2024-35011May 14, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.
CVE-2024-35010May 14, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6.
CVE-2024-35009May 14, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.
CVE-2024-33830May 6, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.
CVE-2024-33829May 6, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.
CVE-2024-4172Apr 25, 2024
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261991.
CVE-2022-27333Mar 21, 2022
idcCMS
idcCMS
risk 0.00cvss —epss 0.00
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data.

Page 3 of 3