CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2021-44977
https://notcve.org/view.php?id=CVE-2021-44977
04 Feb 2022 — In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. En iCMS versiones anteriores a 8.0.0 incluyéndola, una vulnerabilidad de salto de directorio permite a un atacante leer archivos arbitrarios • https://gem-love.com/2021/12/10/ICMS-8-0-0%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%960day%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-44978
https://notcve.org/view.php?id=CVE-2021-44978
04 Feb 2022 — iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution. iCMS versiones anteriores a 8.0.0 incluyéndola, permite a usuarios añadir y renderizar una plantilla comtom, que presenta una vulnerabilidad SSTI que causa una ejecución de código remota • https://gem-love.com/2021/12/10/ICMS-8-0-0%E5%90%8E%E5%8F%B0%E6%A8%A1%E6%9D%BF%E6%B3%A8%E5%85%A5%E5%AF%BC%E8%87%B4%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C0day%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 1CVE-2019-8902
https://notcve.org/view.php?id=CVE-2019-8902
18 Feb 2019 — An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI. Se ha descubierto un problema en idreamsoft iCMS hasta la versión 7.0.14. Una vulnerabilidad de Cross-Site Request Forgery (CSRF) puede eliminar los artículos del usuario mediante el URI "public/api.php? • https://github.com/idreamsoft/iCMS/issues/56 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-15895
https://notcve.org/view.php?id=CVE-2018-15895
27 Aug 2018 — An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858. Se ha descubierto una vulnerabilidad Server-Side Request Forgery (SSRF) en idreamsoft iCMS 7.0.11 debido a que la función remote en app/spider/spider_tools.class.php no bloquea l... • https://github.com/idreamsoft/iCMS/issues/40 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14858
https://notcve.org/view.php?id=CVE-2018-14858
02 Aug 2018 — An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514. Se ha descubierto una vulnerabilidad Server-Side Request Forgery (SSRF) en idreamsoft iCMS en versiones anteriores a la V7.0.11 debido a que la función remote en app/spider/spider_tools.class.php no bloquea las direcciones IP ... • https://github.com/idreamsoft/iCMS/issues/33 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2018-14415
https://notcve.org/view.php?id=CVE-2018-14415
19 Jul 2018 — An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen. Se ha descubierto un problema en idreamsoft iCMS en versiones anteriores a la 7.0.10. Existe Cross-Site Scripting (XSS) mediante el cuarto y el quinto elemento de entrada en la pantalla admincp.php? • https://github.com/idreamsoft/iCMS/issues/28 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10117
https://notcve.org/view.php?id=CVE-2018-10117
15 Apr 2018 — An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP. Se ha descubierto un problema en idreamsoft iCMS V7.0.7. Hay una vulnerabilidad de Cross-Site Request Forgery (CSRF) que puede añadir una cuenta admin mediante admincp.php? • https://github.com/idreamsoft/iCMS/issues/20 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9923
https://notcve.org/view.php?id=CVE-2018-9923
10 Apr 2018 — An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request. Se ha descubierto un problema en idreamsoft iCMS hasta la versión 7.0.7. Existe CSRF en admincp.php, tal y como queda demostrado con la adición de un artículo mediante una petición app=articledo=saveframe=iPHP. • https://github.com/idreamsoft/iCMS/issues/17 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9922
https://notcve.org/view.php?id=CVE-2018-9922
10 Apr 2018 — An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname. Se ha descubierto un problema en idreamsoft iCMS hasta la versión 7.0.7. Existe un filtrado de ruta física mediante un campo nickname no válido que revela un nombre de ruta core/library/weixin.class.php. • https://github.com/idreamsoft/iCMS/issues/16 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2018-9925
https://notcve.org/view.php?id=CVE-2018-9925
10 Apr 2018 — An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request. Se ha descubierto un problema en idreamsoft iCMS hasta la versión 7.0.7. Existe Cross-Site Scripting (XSS) mediante el campo nickname en una petición admincp.php? • https://github.com/idreamsoft/iCMS/issues/18 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •