
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

20 Sep 2023 — Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. • https://gist.github.com/ChubbyZ/0ddb9772231d9a8c5b5345883abcb0a6 • CWE-384: Session Fixation

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

20 Sep 2023 — Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. • https://gist.github.com/ChubbyZ/cb4b8fd818846dec3e9d70863e7955bc • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

12 Aug 2019 — iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter. • https://github.com/idreamsoft/iCMS/issues/71 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

14 Jan 2019 — An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter. • https://github.com/idreamsoft/iCMS/issues/47 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

27 Oct 2018 — spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. • https://github.com/idreamsoft/iCMS/issues/42 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

01 Sep 2018 — An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. • https://github.com/idreamsoft/iCMS/issues/35 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

27 Aug 2018 — An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858. • https://github.com/idreamsoft/iCMS/issues/40 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

02 Aug 2018 — An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514. • https://github.com/idreamsoft/iCMS/issues/33 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 9.8 | EPSS: 1% | CPEs: 1 | EXPL: 1

23 Jul 2018 — An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. • https://github.com/idreamsoft/iCMS/issues/29 • CWE-918: Server-Side Request Forgery (SSRF)

CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

19 Jul 2018 — An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen. • https://github.com/idreamsoft/iCMS/issues/28 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')