📦 Icms

by Idreamsoft


🛡️ Security Overview


⚠️ Known Vulnerabilities

CVE-2023-39805

CRITICAL CVSS 9.8 Aug 10, 2023

CVE-2023-39805 is a SQL injection vulnerability in iCMS v7.0.16 that allows attackers to execute arbitrary SQL commands via the where parameter in admincp.php. This affects all users running the vulne...

CVE-2021-44978

CRITICAL CVSS 9.8 Feb 4, 2022

This CVE describes a server-side template injection (SSTI) vulnerability in iCMS that allows authenticated users to add and render custom templates, leading to remote code execution. The vulnerability...

CVE-2020-18070

CRITICAL CVSS 9.1 Apr 30, 2021

This path traversal vulnerability in iCMS v7.0.13 allows remote attackers to delete arbitrary folders on the server by sending specially crafted HTTP requests to the database.admincp.php component. At...

CVE-2020-19527

CRITICAL CVSS 9.8 Dec 10, 2020

CVE-2020-19527 is a critical OS command injection vulnerability in iCMS 7.0.14 that allows attackers to execute arbitrary commands on the server by injecting shell metacharacters into the DB_NAME para...

CVE-2023-40953

HIGH CVSS 8.8 Sep 8, 2023

CVE-2023-40953 is a Cross-Site Request Forgery (CSRF) vulnerability in iCMS 7.0.16 that allows attackers to trick authenticated users into performing unintended actions, such as modifying settings or ...

CVE-2021-44977

HIGH CVSS 7.5 Feb 4, 2022

This CVE describes a directory traversal vulnerability in the iCMS content management system that allows attackers to read arbitrary files on the server. The vulnerability affects iCMS versions up to and ...

CVE-2020-26641

HIGH CVSS 8.8 May 28, 2021

This CSRF vulnerability in iCMS 7.0.16 allows attackers to trick authenticated users into executing malicious web scripts without their knowledge. Attackers can perform unauthorized actions on behalf ...

CVE-2025-15394

MEDIUM CVSS 4.7 Dec 31, 2025

This vulnerability allows remote attackers to execute arbitrary code on iCMS systems through code injection in the configuration parameter handler. Attackers can exploit this by manipulating POST para...