
CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

08 Sep 2023 — iCMS v7.0.16 is vulnerable to Cross-Site Request Forgery (CSRF). • https://gist.github.com/ChubbyZ/e1e5c1858c389334dcf581a19c741308 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

10 Aug 2023 — iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function. • http://icms.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

10 Aug 2023 — iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. • http://icms.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 10.0 | EPSS: 0% | CPEs: 1 | EXPL: 1

13 Oct 2022 — iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. • https://github.com/jayus0821/insight/blob/master/iCMS%20SSRF.md • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.5 | EPSS: 0% | CPEs: 1 | EXPL: 1

04 Feb 2022 — In iCMS versions up to and including 8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. • https://gem-love.com/2021/12/10/ICMS-8-0-0%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%960day%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

04 Feb 2022 — iCMS versions up to and including 8.0.0 allow users to add and render a custom template; the template engine is vulnerable to server-side template injection (SSTI), which leads to remote code execution. • https://gem-love.com/2021/12/10/ICMS-8-0-0%E5%90%8E%E5%8F%B0%E6%A8%A1%E6%9D%BF%E6%B3%A8%E5%85%A5%E5%AF%BC%E8%87%B4%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C0day%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90 • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

12 Nov 2021 — iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add. • https://github.com/hxcc/just_for_fun/blob/master/ICMS%20CSRF • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 1

28 May 2021 — A Cross-Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts. • https://bbs.pediy.com/thread-262308.htm • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 9.1 | EPSS: 0% | CPEs: 1 | EXPL: 1

29 Apr 2021 — Path traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting traversal sequences into a crafted HTTP request handled by the "do_del()" method of the component "database.admincp.php". • https://github.com/idreamsoft/iCMS/issues/46 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0 | EPSS: 7% | CPEs: 1 | EXPL: 1

10 Dec 2020 — iCMS 7 allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php. • https://github.com/idreamsoft/iCMS/issues/65 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
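The entries above name, for each issue, the script and the parameter an attacker reaches it through (DB_PREFIX on install/install.php, the url and where parameters on admincp.php, do_del() in database.admincp.php, app=members&do=add). The following is an added example, written for this page and not taken from any advisory or from the iCMS project: a log-triage script that flags access-log requests carrying the primitive each entry describes. The sample log lines, the site host `cms.example.com`, the exact query-string shapes and the `dir` parameter on the do=del request are constructed assumptions; the page names only the file and parameter for each issue, so treat the rules as a starting point to tune against your own logs.

```python
"""Access-log triage for the iCMS issues listed above (added example)."""
import re
from urllib.parse import parse_qs, urlsplit

# Hostname of the iCMS install being protected (assumption for this example).
SITE_HOST = "cms.example.com"

# Apache "combined" format: ip ident user [time] "METHOD target proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Characters that let a value break out of a shell command line (CWE-78 entry).
SHELL_META = set(";|&$`\n")

# Constructed sample lines; only the second, third, fourth, fifth and sixth are hostile.
SAMPLE_LOG = """\
10.0.0.5 - - [10/Dec/2020:10:00:01 +0000] "GET /install/install.php?DB_PREFIX=icms_ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.6 - - [10/Dec/2020:10:00:02 +0000] "GET /install/install.php?DB_PREFIX=icms_%3Bid HTTP/1.1" 200 512 "-" "curl/7.88"
10.0.0.7 - - [13/Oct/2022:11:00:00 +0000] "GET /admincp.php?app=x&url=http://169.254.169.254/latest/ HTTP/1.1" 200 88 "-" "curl/7.88"
10.0.0.8 - - [10/Aug/2023:12:00:00 +0000] "GET /admincp.php?app=x&where=1%27%20OR%201%3D1-- HTTP/1.1" 200 90 "-" "curl/7.88"
10.0.0.9 - - [29/Apr/2021:13:00:00 +0000] "POST /admincp.php?app=database&do=del&dir=..%2F..%2Fetc HTTP/1.1" 302 0 "https://cms.example.com/admincp.php" "Mozilla/5.0"
10.0.0.10 - - [12/Nov/2021:14:00:00 +0000] "POST /admincp.php?app=members&do=add HTTP/1.1" 200 1024 "https://evil.example.net/lure.html" "Mozilla/5.0"
10.0.0.11 - - [12/Nov/2021:14:00:05 +0000] "POST /admincp.php?app=members&do=add HTTP/1.1" 200 1024 "https://cms.example.com/admincp.php?app=members" "Mozilla/5.0"
"""


def params_of(target):
    """Split a request target into (path, {name: [values]}) with %XX decoded."""
    parts = urlsplit(target)
    return parts.path, parse_qs(parts.query, keep_blank_values=True)


def check_line(line):
    """Return a list of (cwe, reason) findings for one access-log line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return []
    path, q = params_of(m["target"])
    findings = []
    if path.endswith("/install/install.php"):
        # CWE-78: DB_PREFIX reaches a shell; any metacharacter is a red flag.
        for v in q.get("DB_PREFIX", []):
            if SHELL_META & set(v):
                findings.append(("CWE-78", "shell metacharacter in DB_PREFIX: %r" % v))
    if path.endswith("/admincp.php"):
        # CWE-918: url parameter fetched server-side; flag any off-site target.
        for v in q.get("url", []):
            host = urlsplit(v).hostname
            if host and host != SITE_HOST:
                findings.append(("CWE-918", "url parameter points off-site: %s" % host))
        # CWE-89: where parameter is spliced into SQL; quotes or comment markers are injection.
        for v in q.get("where", []):
            if any(t in v for t in ("'", '"', "--", "/*")):
                findings.append(("CWE-89", "SQL syntax in where parameter: %r" % v))
        # CWE-22: do=del in the database app; any dot-dot path segment in any parameter.
        if q.get("app") == ["database"] and q.get("do") == ["del"]:
            for name, vals in q.items():
                for v in vals:
                    if ".." in v.replace("\\", "/").split("/"):
                        findings.append(("CWE-22", "dot-dot segment in %s for do=del" % name))
        # CWE-352: state-changing members/add request not initiated from our own origin
        # (a missing Referer is treated as suspicious for this endpoint).
        if q.get("app") == ["members"] and q.get("do") == ["add"]:
            if urlsplit(m["referer"]).hostname != SITE_HOST:
                findings.append(("CWE-352", "members/add request with referer %r" % m["referer"]))
    return findings


def scan(log_text):
    """Scan a whole log; returns a list of (source ip, cwe, reason)."""
    out = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line.strip())
        ip = m["ip"] if m else "?"
        for cwe, reason in check_line(line):
            out.append((ip, cwe, reason))
    return out


if __name__ == "__main__":
    for ip, cwe, reason in scan(SAMPLE_LOG):
        print(ip, cwe, reason)
```

Run against the embedded sample it reports one finding per hostile line and nothing for the benign install and same-origin members/add requests. The SSRF rule deliberately compares the fetched host against the site's own host rather than matching a fixed list of internal addresses, so a redirect to cloud metadata or an internal service is caught the same way as a direct request; the CSRF rule relies on the Referer header, which browsers may strip, so on a real deployment pair it with the Origin header if your logs record it.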