
CVE-2023-42322
https://notcve.org/view.php?id=CVE-2023-42322
20 Sep 2023 — Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. • https://gist.github.com/ChubbyZ/0ddb9772231d9a8c5b5345883abcb0a6 • CWE-384: Session Fixation

CVE-2023-42321
https://notcve.org/view.php?id=CVE-2023-42321
20 Sep 2023 — Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. • https://gist.github.com/ChubbyZ/cb4b8fd818846dec3e9d70863e7955bc • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2023-40953
https://notcve.org/view.php?id=CVE-2023-40953
08 Sep 2023 — iCMS 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF). • https://gist.github.com/ChubbyZ/e1e5c1858c389334dcf581a19c741308 • CWE-352: Cross-Site Request Forgery (CSRF)

CVE-2023-39806
https://notcve.org/view.php?id=CVE-2023-39806
10 Aug 2023 — iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function. • http://icms.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2023-39805
https://notcve.org/view.php?id=CVE-2023-39805
10 Aug 2023 — iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. • http://icms.com • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2022-41496
https://notcve.org/view.php?id=CVE-2022-41496
13 Oct 2022 — iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. • https://github.com/jayus0821/insight/blob/master/iCMS%20SSRF.md • CWE-918: Server-Side Request Forgery (SSRF)

CVE-2021-44977
https://notcve.org/view.php?id=CVE-2021-44977
04 Feb 2022 — In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. • https://gem-love.com/2021/12/10/ICMS-8-0-0%E5%90%8E%E5%8F%B0%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E8%AF%BB%E5%8F%960day%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2021-44978
https://notcve.org/view.php?id=CVE-2021-44978
04 Feb 2022 — iCMS <= 8.0.0 allows users to add and render a custom template, which has an SSTI vulnerability that causes remote code execution. • https://gem-love.com/2021/12/10/ICMS-8-0-0%E5%90%8E%E5%8F%B0%E6%A8%A1%E6%9D%BF%E6%B3%A8%E5%85%A5%E5%AF%BC%E8%87%B4%E8%BF%9C%E7%A8%8B%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C0day%E6%BC%8F%E6%B4%9E%E5%88%86%E6%9E%90 • CWE-94: Improper Control of Generation of Code ('Code Injection')

CVE-2020-26641
https://notcve.org/view.php?id=CVE-2020-26641
28 May 2021 — A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts. • https://bbs.pediy.com/thread-262308.htm • CWE-352: Cross-Site Request Forgery (CSRF)