
CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

19 Apr 2018 — An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP. • https://github.com/idreamsoft/iCMS/issues/21 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

15 Apr 2018 — An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP. • https://github.com/idreamsoft/iCMS/issues/20 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Apr 2018 — An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request. • https://github.com/idreamsoft/iCMS/issues/17 • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Apr 2018 — An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname. • https://github.com/idreamsoft/iCMS/issues/16 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Apr 2018 — An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request. • https://github.com/idreamsoft/iCMS/issues/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

10 Apr 2018 — An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request. • https://github.com/idreamsoft/iCMS/issues/19 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')