Show filters
18 Total Results
Displaying 11-18 of 18
Sort by:
Attacker Value
Unknown

CVE-2018-12498

Disclosure Date: June 15, 2018 (last updated November 26, 2024)
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.
0
0
Attacker Value
Unknown

CVE-2018-10250

Disclosure Date: April 20, 2018 (last updated November 26, 2024)
iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.
0
0
Attacker Value
Unknown

CVE-2018-10222

Disclosure Date: April 19, 2018 (last updated November 26, 2024)
An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.
0
0
Attacker Value
Unknown

CVE-2018-10117

Disclosure Date: April 16, 2018 (last updated November 26, 2024)
An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.
0
0
Attacker Value
Unknown

CVE-2018-9924

Disclosure Date: April 10, 2018 (last updated November 26, 2024)
An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request.
0
0
Attacker Value
Unknown

CVE-2018-9923

Disclosure Date: April 10, 2018 (last updated November 26, 2024)
An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request.
0
0
Attacker Value
Unknown

CVE-2018-9922

Disclosure Date: April 10, 2018 (last updated November 26, 2024)
An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname.
0
0
Attacker Value
Unknown

CVE-2018-9925

Disclosure Date: April 10, 2018 (last updated November 26, 2024)
An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request.
0
0
View More Topics  < Previous