icmsdev CVE Vulnerabilities & Metrics

Focus on icmsdev vulnerabilities and metrics.

Last updated: 16 Apr 2025, 22:25 UTC

About icmsdev Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with icmsdev. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total icmsdev CVEs: 11
Earliest CVE date: 16 Apr 2018, 09:58 UTC
Latest CVE date: 20 Sep 2023, 21:15 UTC

Latest CVE reference: CVE-2023-42322

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 0

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -100.0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -100.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical icmsdev CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.29

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	3
4.0-6.9	4
7.0-8.9	4
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS icmsdev CVEs

These are the five CVEs with the highest CVSS scores for icmsdev, sorted by severity first and recency.

CVE-2019-6259 icmsdev Published on 14 Jan 2019, 14:29 UTC (CVSS: 7.5)
An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.
CVE-2018-18702 icmsdev Published on 29 Oct 2018, 12:29 UTC (CVSS: 7.5)
spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.
CVE-2018-14514 icmsdev Published on 23 Jul 2018, 08:29 UTC (CVSS: 7.5)
An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact.
CVE-2018-12498 icmsdev Published on 15 Jun 2018, 19:29 UTC (CVSS: 7.5)
spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.
CVE-2018-16314 icmsdev Published on 01 Sep 2018, 18:29 UTC (CVSS: 6.8)
An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.

All CVEs for icmsdev

CVE-2023-42322 icmsdev vulnerability CVSS: 0 20 Sep 2023, 21:15 UTC

Insecure Permissions vulnerability in icmsdev iCMS v.7.0.16 allows a remote attacker to obtain sensitive information.

CVE-2023-42321 icmsdev vulnerability CVSS: 0 20 Sep 2023, 21:15 UTC

Cross Site Request Forgery (CSRF) vulnerability in icmsdev iCMSv.7.0.16 allows a remote attacker to execute arbitrary code via the user.admincp.php, members.admincp.php, and group.admincp.php files.

CVE-2019-14976 icmsdev vulnerability CVSS: 4.3 12 Aug 2019, 22:15 UTC

iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter.

CVE-2019-6259 icmsdev vulnerability CVSS: 7.5 14 Jan 2019, 14:29 UTC

An issue was discovered in idreamsoft iCMS V7.0.13. There is SQL Injection via the app/article/article.admincp.php _data_id parameter.

CVE-2018-18702 icmsdev vulnerability CVSS: 7.5 29 Oct 2018, 12:29 UTC

spider.admincp.php in iCMS v7.0.11 allows SQL injection via admincp.php?app=spider&do=import_rule because the upfile content is base64 decoded, deserialized, and used for database insertion.

CVE-2018-16314 icmsdev vulnerability CVSS: 6.8 01 Sep 2018, 18:29 UTC

An issue was discovered in admincp.php in idreamsoft iCMS 7.0.11. When verifying CSRF_TOKEN, if CSRF_TOKEN does not exist, only the Referer header is validated, which can be bypassed via an admincp.php substring in this header.

CVE-2018-14514 icmsdev vulnerability CVSS: 7.5 23 Jul 2018, 08:29 UTC

An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact.

CVE-2018-12498 icmsdev vulnerability CVSS: 7.5 15 Jun 2018, 19:29 UTC

spider.admincp.php in iCMS v7.0.8 has SQL Injection via the id parameter in an app=spider&do=batch request to admincp.php.

CVE-2018-10250 icmsdev vulnerability CVSS: 3.5 20 Apr 2018, 18:29 UTC

iCMS V7.0.8 has XSS via the admincp.php keywords parameter in a weixin_category action, aka a WeChat Classified Management keyword search.

CVE-2018-10222 icmsdev vulnerability CVSS: 6.8 19 Apr 2018, 08:29 UTC

An issue was discovered in idreamsoft iCMS V7.0. There is a CSRF vulnerability that can add a Column via /admincp.php?app=article_category&do=save&frame=iPHP.

CVE-2018-10117 icmsdev vulnerability CVSS: 6.8 16 Apr 2018, 09:58 UTC

An issue was discovered in idreamsoft iCMS V7.0.7. There is a CSRF vulnerability that can add an admin account via admincp.php?app=members&do=save&frame=iPHP.