Idreamsoft: Security Vulnerabilities
iCMS v8.0.0 contains a Cross-Site Scripting (XSS) vulnerability in the User Management component, specifically within the index.html file. This allows remote attackers to execute arbitrary web script or HTML via the regip or loginip parameters.
CVSS Score
6.1
EPSS Score
0.0
Published
2026-03-24
A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.1
EPSS Score
0.001
Published
2025-12-31
icms 7.0.16 is vulnerable to Cross Site Request Forgery (CSRF).
CVSS Score
8.8
EPSS Score
0.001
Published
2023-09-08
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-10
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-08-10
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2022-10-13
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.
CVSS Score
7.5
EPSS Score
0.004
Published
2022-02-04
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.
CVSS Score
9.8
EPSS Score
0.027
Published
2022-02-04
iCMS v7.0.15 was discovered to contain a Cross-Site Request Forgery (CSRF) via /admincp.php?app=members&do=add.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-11-12
A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts.
CVSS Score
8.8
EPSS Score
0.001
Published
2021-05-28
Page 1