VYPR

Vendor CVEs

idcCMS

All CVEs

60 total · sorted by risk
  • CVE-2024-35361CriMay 21, 2024
    risk 0.64cvss 9.8epss 0.01

    MTab Bookmark v1.9.5 has an SQL injection vulnerability in /LinkStore/getIcon. An attacker can execute arbitrary SQL statements through this vulnerability without requiring any user rights.

  • CVE-2024-40332HigJul 10, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/moneyRecord_deal.php?mudi=delRecord

  • CVE-2024-40331HigJul 10, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/dbBakMySQL_deal.php?mudi=backup

  • CVE-2024-40334HigJul 10, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/serverFile_deal.php?mudi=upFileDel&dataID=3

  • CVE-2024-40333HigJul 10, 2024
    risk 0.57cvss 8.8epss 0.01

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=del&dataID=2

  • CVE-2024-40329HigJul 10, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/softBak_deal.php?mudi=backup

  • CVE-2024-40039HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=del

  • CVE-2024-40037HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userScore_deal.php?mudi=del

  • CVE-2024-40036HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.01

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userGroup_deal.php?mudi=add&nohrefStr=close

  • CVE-2024-40034HigJul 9, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=del

  • CVE-2024-39023HigJul 5, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via admin/info_deal.php?mudi=add&nohrefStr=close

  • CVE-2024-39022HigJul 5, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/infoSys_deal.php?mudi=deal

  • CVE-2024-39158HigJun 27, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/userSys_deal.php?mudi=infoSet.

  • CVE-2024-39154HigJun 27, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/keyWord_deal.php?mudi=del&dataType=word&dataTypeCN.

  • CVE-2024-36670HigJun 5, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=del

  • CVE-2024-36669HigJun 5, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=add.

  • CVE-2024-36668HigJun 5, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/type_deal.php?mudi=del

  • CVE-2024-36667HigJun 5, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/idcProType_deal.php?mudi=add&nohrefStr=close

  • CVE-2024-36550HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=add&nohrefStr=close

  • CVE-2024-36549HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admin/vpsCompany_deal.php?mudi=rev&nohrefStr=close

  • CVE-2024-36548HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/vpsCompany_deal.php?mudi=del

  • CVE-2024-36547HigJun 4, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms V1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/vpsClass_deal.php?mudi=add

  • CVE-2024-35559HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=rev&nohrefStr=close.

  • CVE-2024-35558HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=rev&nohrefStr=close.

  • CVE-2024-35556HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsSys_deal.php?mudi=infoSet.

  • CVE-2024-35552HigMay 22, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=del&dataType=logo&dataTypeCN.

  • CVE-2024-35108HigMay 15, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.

  • CVE-2024-35010HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6.

  • CVE-2024-35009HigMay 14, 2024
    risk 0.57cvss 8.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.

  • CVE-2024-35553HigMay 22, 2024
    risk 0.54cvss 8.3epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoMove_deal.php?mudi=add&nohrefStr=close.

  • CVE-2024-33830HigMay 6, 2024
    risk 0.53cvss 8.1epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.

  • CVE-2022-27333HigMar 21, 2022
    risk 0.49cvss 7.5epss 0.01

    idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data.

  • CVE-2024-39155MedJun 27, 2024
    risk 0.44cvss 6.8epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ipRecord_deal.php?mudi=add.

  • CVE-2024-34958MedMay 16, 2024
    risk 0.42cvss 6.5epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/banner_deal.php?mudi=add

  • CVE-2024-35109MedMay 15, 2024
    risk 0.42cvss 6.5epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /homePro_deal.php?mudi=add&nohrefStr=close.

  • CVE-2024-40328MedJul 10, 2024
    risk 0.41cvss 6.3epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/memberOnline_deal.php?mudi=del&dataType=&dataID=6

  • CVE-2024-39020MedJul 5, 2024
    risk 0.41cvss 6.3epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/vpsApiData_deal.php?mudi=rev&nohrefStr=close

  • CVE-2024-35555MedMay 22, 2024
    risk 0.41cvss 6.3epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=newsWeb&fieldName=state&fieldName2=state&tabName=infoWeb&dataID=40.

  • CVE-2024-35550MedMay 22, 2024
    risk 0.41cvss 6.3epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=rev.

  • CVE-2024-35012MedMay 14, 2024
    risk 0.41cvss 6.3epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.

  • CVE-2024-40336MedJul 10, 2024
    risk 0.40cvss 6.1epss 0.00

    idccms v1.35 is vulnerable to Cross Site Scripting (XSS) within the 'Image Advertising Management.'

  • CVE-2024-40035MedJul 9, 2024
    risk 0.38cvss 5.9epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/userLevel_deal.php?mudi=add.

  • CVE-2024-35557MedMay 22, 2024
    risk 0.36cvss 5.5epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApi_deal.php?mudi=rev&nohrefStr=close.

  • CVE-2024-39021MedJul 5, 2024
    risk 0.35cvss 5.4epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/vpsApiData_deal.php?mudi=del

  • CVE-2024-39019MedJul 5, 2024
    risk 0.35cvss 5.4epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admin/idcProData_deal.php?mudi=del

  • CVE-2024-39119MedJul 2, 2024
    risk 0.35cvss 5.4epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via admin/info_deal.php?mudi=rev&nohrefStr=close.

  • CVE-2024-35561MedMay 22, 2024
    risk 0.35cvss 5.4epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/ca_deal.php?mudi=add&nohrefStr=close.

  • CVE-2024-35554MedMay 22, 2024
    risk 0.35cvss 5.4epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=del&dataType=newsWeb&dataTypeCN.

  • CVE-2024-34957MedMay 16, 2024
    risk 0.35cvss 5.4epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component admin/sysImages_deal.php?mudi=infoSet.

  • CVE-2024-35011MedMay 14, 2024
    risk 0.35cvss 5.4epss 0.00

    idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.

Page 1 of 2