Idreamsoft ≫ Icms

A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be lau...

icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.

iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.

iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.

iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.

In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.

iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.

A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.

Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "do_del()" method of the component "database.admincp.php".