iDreamSoft iCMS 7.0.0

CPE Details

iDreamSoft iCMS 7.0.0
idreamsoft
icms
7.0.0
2019-01-29
17h43 +00:00
2019-01-29
17h43 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:idreamsoft:icms:7.0.0:*:*:*:*:*:*:*

Informations

Vendor

idreamsoft

Product

icms

Version

7.0.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2021-44977 2022-02-04 14h35 +00:00 In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.
7.5
High
CVE-2021-44978 2022-02-04 14h29 +00:00 iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.
9.8
Critical
CVE-2020-19142 2020-12-10 20h07 +00:00 iCMS 7 attackers to execute arbitrary OS commands via shell metacharacters in the DB_PREFIX parameter to install/install.php.
9.8
Critical
CVE-2020-24739 2020-09-10 11h17 +00:00 A CSRF vulnerability was found in iCMS v7.0.0 in the background deletion administrator account. When missing the CSRF_TOKEN and can still request normally, all administrators except the initial administrator will be deleted.
6.5
Medium
CVE-2019-16677 2019-09-21 17h51 +00:00 An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
6.5
Medium
CVE-2019-8902 2019-02-18 14h00 +00:00 An issue was discovered in idreamsoft iCMS through 7.0.14. A CSRF vulnerability can delete users' articles via the public/api.php?app=user URI.
5.7
Medium