Search
Total
6 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-16314 | 1 Icmsdev | 1 Icms | 2018-11-13 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. | |||||
| CVE-2018-15895 | 1 Icmsdev | 1 Icms | 2018-11-07 | 5.0 MEDIUM | 7.5 HIGH |
| An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858. | |||||
| CVE-2018-14858 | 1 Icmsdev | 1 Icms | 2018-10-03 | 5.0 MEDIUM | 7.5 HIGH |
| An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514. | |||||
| CVE-2018-10222 | 1 Icmsdev | 1 Icms | 2018-05-22 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP. | |||||
| CVE-2018-10117 | 1 Icmsdev | 1 Icms | 2018-05-18 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP. | |||||
| CVE-2018-9923 | 1 Icmsdev | 1 Icms | 2018-04-17 | 6.8 MEDIUM | 8.8 HIGH |
| An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request. | |||||