
CVE-2020-19527
https://notcve.org/view.php?id=CVE-2020-19527
10 Dec 2020 — iCMS 7.0.14 allows attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php. • https://github.com/idreamsoft/iCMS/issues/66 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CVE-2020-24739
https://notcve.org/view.php?id=CVE-2020-24739
10 Sep 2020 — A CSRF vulnerability was found in iCMS v7.0.0 in the back-end function that deletes administrator accounts. When the CSRF_TOKEN is missing, the request is still processed normally, and all administrators except the initial administrator are deleted. • https://github.com/idreamsoft/iCMS/issues/76 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2019-17583
https://notcve.org/view.php?id=CVE-2019-17583
14 Oct 2019 — idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer. • https://github.com/idreamsoft/iCMS/issues/83 • CWE-770: Allocation of Resources Without Limits or Throttling

CVE-2019-17552
https://notcve.org/view.php?id=CVE-2019-17552
14 Oct 2019 — An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload. • https://github.com/idreamsoft/iCMS/issues/77 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2019-16677
https://notcve.org/view.php?id=CVE-2019-16677
21 Sep 2019 — An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF. • https://github.com/idreamsoft/iCMS/issues/76 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2019-11427
https://notcve.org/view.php?id=CVE-2019-11427
21 Apr 2019 — An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter. • https://github.com/idreamsoft/iCMS/issues/64 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-11426
https://notcve.org/view.php?id=CVE-2019-11426
21 Apr 2019 — An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter. • https://github.com/idreamsoft/iCMS/issues/64 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2019-8902
https://notcve.org/view.php?id=CVE-2019-8902
18 Feb 2019 — An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI. • https://github.com/idreamsoft/iCMS/issues/56 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2019-7234
https://notcve.org/view.php?id=CVE-2019-7234
30 Jan 2019 — An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request. • https://github.com/idreamsoft/iCMS/issues/51 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2019-7236
https://notcve.org/view.php?id=CVE-2019-7236
30 Jan 2019 — An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows directory traversal via dir=../ in admincp.php?app=editor&do=fileManager. • https://github.com/idreamsoft/iCMS/issues/53 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')