Vulnerabilities (CVE)

Filtered by vendor Idreamsoft
Filtered by product Icms
Total 25 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-41496 1 Idreamsoft 1 Icms 2022-10-14 N/A 9.8 CRITICAL
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.
CVE-2021-44978 1 Idreamsoft 1 Icms 2022-02-08 7.5 HIGH 9.8 CRITICAL
iCMS <= 8.0.0 allows users to add and render a custom template, which has an SSTI vulnerability that causes remote code execution.
CVE-2021-44977 1 Idreamsoft 1 Icms 2022-02-08 5.0 MEDIUM 7.5 HIGH
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.
CVE-2020-21141 1 Idreamsoft 1 Icms 2021-11-16 6.8 MEDIUM 8.8 HIGH
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.
CVE-2020-26641 1 Idreamsoft 1 Icms 2021-06-03 6.8 MEDIUM 8.8 HIGH
A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.
CVE-2020-18070 1 Idreamsoft 1 Icms 2021-05-03 6.4 MEDIUM 9.1 CRITICAL
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php".
CVE-2020-19142 1 Idreamsoft 1 Icms 2020-12-11 10.0 HIGH 9.8 CRITICAL
iCMS 7 allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.
CVE-2020-19527 1 Idreamsoft 1 Icms 2020-12-11 10.0 HIGH 9.8 CRITICAL
iCMS 7.0.14 allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.
CVE-2020-24739 1 Idreamsoft 1 Icms 2020-09-16 4.3 MEDIUM 6.5 MEDIUM
A CSRF vulnerability was found in iCMS v7.0.0 in the background administrator account deletion function. A request that is missing the CSRF_TOKEN is still processed normally, and all administrators except the initial administrator will be deleted.
CVE-2019-17583 1 Idreamsoft 1 Icms 2020-08-24 5.0 MEDIUM 7.5 HIGH
idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer.
CVE-2019-17552 1 Idreamsoft 1 Icms 2019-10-16 7.5 HIGH 9.8 CRITICAL
An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload.
CVE-2019-16677 1 Idreamsoft 1 Icms 2019-09-23 5.8 MEDIUM 6.5 MEDIUM
An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
CVE-2019-11427 1 Idreamsoft 1 Icms 2019-04-22 4.3 MEDIUM 6.1 MEDIUM
An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter.
CVE-2019-11426 1 Idreamsoft 1 Icms 2019-04-22 4.3 MEDIUM 6.1 MEDIUM
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter.
CVE-2018-16365 1 Idreamsoft 1 Icms 2019-04-16 6.8 MEDIUM 8.8 HIGH
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF.
CVE-2018-16366 1 Idreamsoft 1 Icms 2019-04-16 6.8 MEDIUM 8.8 HIGH
An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF.
CVE-2019-8902 1 Idreamsoft 1 Icms 2019-02-19 4.9 MEDIUM 5.7 MEDIUM
An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
CVE-2019-7234 1 Idreamsoft 1 Icms 2019-02-05 6.4 MEDIUM 9.1 CRITICAL
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request.
CVE-2019-7160 1 Idreamsoft 1 Icms 2019-02-04 7.5 HIGH 9.8 CRITICAL
idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.
CVE-2019-7235 1 Idreamsoft 1 Icms 2019-01-31 6.4 MEDIUM 7.5 HIGH
An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request.