iDreamSoft iCMS 7.0.14

CPE Details

iDreamSoft iCMS 7.0.14
idreamsoft
icms
7.0.14
2019-02-19
15h12 +00:00
2019-02-19
15h12 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:idreamsoft:icms:7.0.14:*:*:*:*:*:*:*

Informations

Vendor

idreamsoft

Product

icms

Version

7.0.14

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-44977 2022-02-04 14h35 +00:00 In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.
7.5
High
CVE-2021-44978 2022-02-04 14h29 +00:00 iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.
9.8
Critical
CVE-2020-19527 2020-12-10 20h06 +00:00 iCMS 7.0.14 attackers to execute arbitrary OS commands via shell metacharacters in the DB_NAME parameter to install/install.php.
9.8
Critical
CVE-2019-17552 2019-10-14 10h32 +00:00 An issue was discovered in idreamsoft iCMS v7.0.14. There is a spider_project.admincp.php SQL injection vulnerability in the 'upload spider project scheme' feature via a two-dimensional payload.
9.8
Critical
CVE-2019-11427 2019-04-21 19h35 +00:00 An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter.
6.1
Medium
CVE-2019-11426 2019-04-21 19h35 +00:00 An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter.
6.1
Medium
CVE-2019-8902 2019-02-18 14h00 +00:00 An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
5.7
Medium