Every CVE whose affected-product data names Icmsdev Icms, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (18)
CVE-2023-42322 — CVSS 9.8 (critical): Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.
CVE-2018-12498 — CVSS 9.8 (critical): spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.
CVE-2018-14514 — CVSS 9.8 (critical): An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or…
CVE-2018-18702 — CVSS 9.8 (critical): spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64…
CVE-2018-9924 — CVSS 9.8 (critical): An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save…
CVE-2019-6259 — CVSS 9.8 (critical): An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
CVE-2018-9923 — CVSS 8.8 (high): An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an…
CVE-2023-42321 — CVSS 8.8 (high): Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the…
CVE-2018-16314 — CVSS 8.8 (high): An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer…
CVE-2018-10117 — CVSS 8.8 (high): An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&d…
CVE-2018-10222 — CVSS 8.8 (high): An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&d…
CVE-2018-14858 — CVSS 7.5 (high): An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php…
CVE-2018-15895 — CVSS 7.5 (high): An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not…
CVE-2018-14415 — CVSS 6.1 (medium): An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=…
CVE-2018-10250 — CVSS 5.4 (medium): iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.
CVE-2018-9925 — CVSS 5.4 (medium): An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP…
CVE-2018-9922 — CVSS 5.3 (medium): An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a…