
CVSS: 5.7 • EPSS: 0% • CPEs: 1 • EXPL: 1

18 Feb 2019 — An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI. • https://github.com/idreamsoft/iCMS/issues/56 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.1 • EPSS: 1% • CPEs: 1 • EXPL: 1

30 Jan 2019 — An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to begin the process of creating a ZIP archive file with the complete contents of any directory because of an apps.admincp.php error. This ZIP archive file can then be downloaded via an admincp.php?app=apps&do=pack request. • https://github.com/idreamsoft/iCMS/issues/51 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Jan 2019 — An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal. • https://github.com/idreamsoft/iCMS/issues/53 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 1

30 Jan 2019 — An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse ..\ Directory Traversal. (Translated from the Spanish description: editor/editor.admincp.php allows directory traversal via dir=..\ in admincp.php?app=editor&do=fileManager.) • https://github.com/idreamsoft/iCMS/issues/54 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Jan 2019 — An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request. • https://github.com/idreamsoft/iCMS/issues/52 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 1% • CPEs: 1 • EXPL: 1

29 Jan 2019 — idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php. • https://github.com/idreamsoft/iCMS/issues/50 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

14 Jan 2019 — An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter. • https://github.com/idreamsoft/iCMS/issues/47 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

27 Oct 2018 — spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. • https://github.com/idreamsoft/iCMS/issues/42 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Sep 2018 — An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=group&do=save allows CSRF. • https://github.com/idreamsoft/iCMS/issues/32 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

02 Sep 2018 — An issue was discovered in idreamsoft iCMS V7.0.10. admincp.php?app=user&do=save allows CSRF. • https://github.com/idreamsoft/iCMS/issues/32 • CWE-352: Cross-Site Request Forgery (CSRF)