CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9922
https://notcve.org/view.php?id=CVE-2018-9922
10 Apr 2018 — An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname. Se ha descubierto un problema en idreamsoft iCMS hasta la versión 7.0.7. Existe un filtrado de ruta física mediante un campo nickname no válido que revela un nombre de ruta core/library/weixin.class.php. • https://github.com/idreamsoft/iCMS/issues/16 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9925
https://notcve.org/view.php?id=CVE-2018-9925
10 Apr 2018 — An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request. Se ha descubierto un problema en idreamsoft iCMS hasta la versión 7.0.7. Existe Cross-Site Scripting (XSS) mediante el campo nickname en una petición admincp.php? • https://github.com/idreamsoft/iCMS/issues/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9924
https://notcve.org/view.php?id=CVE-2018-9924
10 Apr 2018 — An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request. Se ha descubierto un problema en idreamsoft iCMS hasta la versión 7.0.7. Existe inyección SQL mediante el parámetro pid del array en una petición admincp.php? • https://github.com/idreamsoft/iCMS/issues/19 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •