Filtered by vendor Idreamsoft
Subscriptions
Total
28 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2020-19142 | 1 Idreamsoft | 1 Icms | 2024-08-04 | 9.8 Critical |
iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php. | ||||
CVE-2020-18070 | 1 Idreamsoft | 1 Icms | 2024-08-04 | 9.1 Critical |
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php". | ||||
CVE-2021-44978 | 1 Idreamsoft | 1 Icms | 2024-08-04 | 9.8 Critical |
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution. | ||||
CVE-2021-44977 | 1 Idreamsoft | 1 Icms | 2024-08-04 | 7.5 High |
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files. | ||||
CVE-2022-41496 | 1 Idreamsoft | 1 Icms | 2024-08-03 | 9.8 Critical |
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php. | ||||
CVE-2023-40953 | 1 Idreamsoft | 1 Icms | 2024-08-02 | 8.8 High |
icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF). | ||||
CVE-2023-39806 | 1 Idreamsoft | 1 Icms | 2024-08-02 | 9.8 Critical |
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function. | ||||
CVE-2023-39805 | 1 Idreamsoft | 1 Icms | 2024-08-02 | 9.8 Critical |
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php. |