Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Idreamsoft Subscribe
Total 25 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-7237 2 Idreamsoft, Microsoft 2 Icms, Windows 2019-01-31 5.0 MEDIUM 7.5 HIGH
An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal.
CVE-2019-7236 1 Idreamsoft 1 Icms 2019-01-31 5.0 MEDIUM 7.5 HIGH
An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal.
CVE-2018-16320 1 Idreamsoft 1 Icms 2018-11-02 6.5 MEDIUM 7.2 HIGH
idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file.
CVE-2018-16332 1 Idreamsoft 1 Icms 2018-10-24 6.8 MEDIUM 8.8 HIGH
An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability.
CVE-2018-13865 1 Idreamsoft 1 Icms 2018-09-06 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism.