An issue was discovered in idreamsoft iCMS V7.0. admincp.php?app=members&do=del allows CSRF.
idreamsoft
CVE-2019-11427
An XSS issue was discovered in app/search/search.app.php in idreamsoft iCMS 7.0.14 via the public/api.php?app=search q parameter.
CVE-2019-11426
An XSS issue was discovered in app/admincp/template/admincp.header.php in idreamsoft iCMS 7.0.14 via the admincp.php?app=config tab parameter.
CVE-2021-44978
iCMS <= 8.0.0 allows users to add and render a comtom template, which has a SSTI vulnerability which causes remote code execution.
CVE-2021-44977
In iCMS <=8.0.0, a directory traversal vulnerability allows an attacker to read arbitrary files.
CVE-2022-41496
iCMS v7.0.16 was discovered to contain a Server-Side Request Forgery (SSRF) via the url parameter at admincp.php.