彙總 icmsdev 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
已披露問題常與 SQL 注入、跨站腳本與SSRF 相關,可能在 軟體部署與生產負載 場景中帶來 工作階段劫持與資料外洩 等暴露風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2023-42322 | Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information. | [email protected] | 9.8 | 0.66% | 2023-09-20 | 2024-11-21 |
| CVE-2023-42321 | Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files. | [email protected] | 8.8 | 0.36% | 2023-09-20 | 2024-11-21 |
| CVE-2019-14976 | iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter. | [email protected] | 6.1 | 0.83% | 2019-08-12 | 2024-11-21 |
| CVE-2019-6259 | An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter. | [email protected] | 9.8 | 1.50% | 2019-01-14 | 2024-11-21 |
| CVE-2018-18702 | spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion. | [email protected] | 9.8 | 1.45% | 2018-10-29 | 2024-11-21 |
| CVE-2018-16314 | An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header. | [email protected] | 8.8 | 0.66% | 2018-09-01 | 2024-11-21 |
| CVE-2018-15895 | An SSRF vulnerability was discovered in idreamsoft iCMS 7.0.11 because the remote function in app/spider/spider_tools.class.php does not block DNS hostnames associated with private and reserved IP addresses, as demonstrated by 127.0.0.1 in an A record. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14858. | [email protected] | 7.5 | 1.49% | 2018-08-27 | 2024-11-21 |
| CVE-2018-14858 | An SSRF vulnerability was discovered in idreamsoft iCMS before V7.0.11 because the remote function in app/spider/spider_tools.class.php does not block private and reserved IP addresses such as 10.0.0.0/8. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-14514. | [email protected] | 7.5 | 1.47% | 2018-08-02 | 2024-11-21 |
| CVE-2018-14514 | An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact. | [email protected] | 9.8 | 1.63% | 2018-07-23 | 2024-11-21 |
| CVE-2018-14415 | An issue was discovered in idreamsoft iCMS before 7.0.10. XSS exists via the fourth and fifth input elements on the admincp.php?app=prop&do=add screen. | [email protected] | 6.1 | 0.83% | 2018-07-20 | 2024-11-21 |
| CVE-2018-12498 | spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php. | [email protected] | 9.8 | 1.45% | 2018-06-15 | 2024-11-21 |
| CVE-2018-10250 | iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search. | [email protected] | 5.4 | 0.64% | 2018-04-20 | 2024-11-21 |
| CVE-2018-10222 | An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP. | [email protected] | 8.8 | 0.61% | 2018-04-19 | 2024-11-21 |
| CVE-2018-10117 | An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP. | [email protected] | 8.8 | 0.55% | 2018-04-16 | 2024-11-21 |
| CVE-2018-9925 | An issue was discovered in idreamsoft iCMS through 7.0.7. XSS exists via the nickname field in an admincp.php?app=user&do=save&frame=iPHP request. | [email protected] | 5.4 | 0.64% | 2018-04-10 | 2024-11-21 |
| CVE-2018-9924 | An issue was discovered in idreamsoft iCMS through 7.0.7. SQL injection exists via the pid array parameter in an admincp.php?app=tag&do=save&frame=iPHP request. | [email protected] | 9.8 | 1.47% | 2018-04-10 | 2024-11-21 |
| CVE-2018-9923 | An issue was discovered in idreamsoft iCMS through 7.0.7. CSRF exists in admincp.php, as demonstrated by adding an article via an app=article&do=save&frame=iPHP request. | [email protected] | 8.8 | 0.62% | 2018-04-10 | 2024-11-21 |
| CVE-2018-9922 | An issue was discovered in idreamsoft iCMS through 7.0.7. Physical path leakage exists via an invalid nickname field that reveals a core/library/weixin.class.php pathname. | [email protected] | 5.3 | 1.19% | 2018-04-10 | 2024-11-21 |