Vendor CVEs
idcCMS
All CVEs
59 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-35108 | 0.00 | — | 0.00 | May 15, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN. | |||
| CVE-2024-35012 | 0.00 | — | 0.00 | May 14, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close. | |||
| CVE-2024-35011 | 0.00 | — | 0.00 | May 14, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close. | |||
| CVE-2024-35010 | 0.00 | — | 0.00 | May 14, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6. | |||
| CVE-2024-35009 | 0.00 | — | 0.00 | May 14, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6. | |||
| CVE-2024-33830 | 0.00 | — | 0.00 | May 6, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache. | |||
| CVE-2024-33829 | 0.00 | — | 0.00 | May 6, 2024 | idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache. | |||
| CVE-2024-4172 | 0.00 | — | 0.00 | Apr 25, 2024 | A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261991. | |||
| CVE-2022-27333 | 0.00 | — | 0.00 | Mar 21, 2022 | idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data. |
- CVE-2024-35108May 15, 2024risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/homePro_deal.php?mudi=del&dataType=&dataTypeCN.
- CVE-2024-35012May 14, 2024risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=add&nohrefStr=close.
- CVE-2024-35011May 14, 2024risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoType_deal.php?mudi=rev&nohrefStr=close.
- CVE-2024-35010May 14, 2024risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/banner_deal.php?mudi=del&dataType=&dataTypeCN=%E5%9B%BE%E7%89%87%E5%B9%BF%E5%91%8A&theme=cs&dataID=6.
- CVE-2024-35009May 14, 2024risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/share_switch.php?mudi=switch&dataType=&fieldName=state&fieldName2=state&tabName=banner&dataID=6.
- CVE-2024-33830May 6, 2024risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=clearWebCache.
- CVE-2024-33829May 6, 2024risk 0.00cvss —epss 0.00
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/readDeal.php?mudi=updateWebCache.
- CVE-2024-4172Apr 25, 2024risk 0.00cvss —epss 0.00
A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261991.
- CVE-2022-27333Mar 21, 2022risk 0.00cvss —epss 0.00
idcCMS v1.10 was discovered to contain an issue which allows attackers to arbitrarily delete the install.lock file, resulting in a reset of the CMS settings and data.
Page 2 of 2