Search Results | AttackerKB

36 Total Results

Displaying 1-10 of 36

Attacker Value

Unknown

CVE-2023-42322

Disclosure Date: September 20, 2023 (last updated October 08, 2023)

Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.

Attacker Value

Unknown

CVE-2023-42321

Disclosure Date: September 20, 2023 (last updated October 08, 2023)

Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2023-40953

Disclosure Date: September 08, 2023 (last updated October 08, 2023)

icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2023-39806

Disclosure Date: August 10, 2023 (last updated October 08, 2023)

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2023-39805

Disclosure Date: August 10, 2023 (last updated October 08, 2023)

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2022-41496

Disclosure Date: October 13, 2022 (last updated February 24, 2025)

iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2020-21141

Disclosure Date: November 12, 2021 (last updated February 23, 2025)

iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2020-26641

Disclosure Date: May 28, 2021 (last updated February 22, 2025)

A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2020-18070

Disclosure Date: April 30, 2021 (last updated February 22, 2025)

Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php".

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2020-19527

Disclosure Date: December 10, 2020 (last updated February 22, 2025)

iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.

Attack Vector: Network Privileges: None User Interaction: None

36 Total Results

Displaying 1-10 of 36

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification