CWE-22

CVE-2019-7235

February 26, 2023 by

An issue was discovered in idreamsoft iCMS 7.0.13. admincp.php?app=apps&do=save allows directory traversal via _app=/../ to designate an arbitrary directory because of an apps.admincp.php error. This directory can then be deleted via an admincp.php?app=apps&do=uninstall request.

CVE-2019-7236

February 26, 2023 by

An issue was discovered in idreamsoft iCMS 7.0.13. editor/editor.admincp.php allows admincp.php?app=editor&do=fileManager dir=../ Directory Traversal.

CVE-2019-7237

February 26, 2023 by

An issue was discovered in idreamsoft iCMS 7.0.13 on Windows. editor/editor.admincp.php allows admincp.php?app=files&do=browse .. Directory Traversal.

CVE-2019-7253

February 26, 2023 by

Linear eMerge E3-Series devices allow Directory Traversal.

CVE-2019-7254

February 26, 2023 by

Linear eMerge E3-Series devices allow File Inclusion.

CVE-2019-7160

February 26, 2023 by

idreamsoft iCMS 7.0.13 allows admincp.php?app=files ../ Directory Traversal via the udir parameter to files.admincp.php, resulting in execution of arbitrary PHP code from a ZIP file via the admincp.php?app=apps zipfile parameter to apps.admincp.php.