Show filters
3 Total Results
Displaying 1-3 of 3
Sort by:
Attacker Value
Unknown

CVE-2020-21141

Disclosure Date: November 12, 2021 (last updated February 23, 2025)
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.
Attack Vector: NetworkPrivileges: NoneUser Interaction: Required
0
0
Attacker Value
Unknown

CVE-2019-17583

Disclosure Date: October 14, 2019 (last updated November 27, 2024)
idreamsoft iCMS 7.0.15 allows remote attackers to cause a denial of service (resource consumption) via a query for many comments, as demonstrated by the admincp.php?app=comment&perpage= substring followed by a large positive integer.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2019-14976

Disclosure Date: August 12, 2019 (last updated November 27, 2024)
iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter.
0
0