
CVE-2019-7237
https://notcve.org/view.php?id=CVE-2019-7237
30 Jan 2019 — An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal. editor/editor.admincp.php allows directory traversal via dir=..\ in admincp.php?app=editor&do=fileManager. • https://github.com/idreamsoft/iCMS/issues/54 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2019-7235
https://notcve.org/view.php?id=CVE-2019-7235
30 Jan 2019 — An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request. • https://github.com/idreamsoft/iCMS/issues/52 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2019-7160
https://notcve.org/view.php?id=CVE-2019-7160
29 Jan 2019 — idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php. • https://github.com/idreamsoft/iCMS/issues/50 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2018-16365
https://notcve.org/view.php?id=CVE-2018-16365
02 Sep 2018 — An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. • https://github.com/idreamsoft/iCMS/issues/32 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2018-16366
https://notcve.org/view.php?id=CVE-2018-16366
02 Sep 2018 — An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. • https://github.com/idreamsoft/iCMS/issues/32 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2018-16332
https://notcve.org/view.php?id=CVE-2018-16332
02 Sep 2018 — An issue was discovered in iCMS 7.0.9. There is an admincp.php?app=article&do=update CSRF vulnerability. • https://github.com/idreamsoft/iCMS/issues/31 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVE-2018-16320
https://notcve.org/view.php?id=CVE-2018-16320
01 Sep 2018 — idreamsoft iCMS 7.0.11 allows admincp.php?app=config Directory Traversal, resulting in execution of arbitrary PHP code from a ZIP file. • https://github.com/idreamsoft/iCMS/issues/41 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2018-13865
https://notcve.org/view.php?id=CVE-2018-13865
10 Jul 2018 — An issue was discovered in idreamsoft iCMS 7.0.9. XSS exists via the callback parameter in a public/api.php uploadpic request, bypassing the iWAF protection mechanism. • https://github.com/idreamsoft/iCMS/issues/27 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •