
CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 1

04 Feb 2022 — In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. • https://gem-love.com/2021/12/10/ICMS-8-0-0%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%960day%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

04 Feb 2022 — iCMS <= 8.0.0 allows users to add and render a custom template, which has an SSTI vulnerability that causes remote code execution. • https://gem-love.com/2021/12/10/ICMS-8-0-0%E5%90%8E%E5%8F%B0%E6%A8%A1%E6%9D%BF%E6%B3%A8%E5%85%A5%E5%AF%BC%E8%87%B4%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C0day%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Nov 2021 — iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /admincp.php?app=members&do=add. • https://github.com/hxcc/just_for_fun/blob/master/ICMS%20CSRF • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

14 Oct 2019 — idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer. • https://github.com/idreamsoft/iCMS/issues/83 • CWE-770: Allocation of Resources Without Limits or Throttling

CVSS: 6.1 • EPSS: 0% • CPEs: 1 • EXPL: 1

12 Aug 2019 — iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter. • https://github.com/idreamsoft/iCMS/issues/71 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')