Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.

Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.

icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.

iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.

A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.