[CVE-ID]
CVE-2023-42321
[CNVD-ID]
CNVD-2023-68150
[Description]
In iCMS V7.0.16, a session can be hijacked, and members, roles and administrator accounts can be added arbitrarily without logging in to the account.
------------------------------------------
[CVE-ID]
CVE-2023-42322
[CNVD-ID]
CNVD-2023-66769
[Description]
In iCMS V7.0.16, an attacker who obtains the session through some means can hijack the session of the website and perform operations on the website backend without logging in, such as deleting any files, comments, users, etc.
------------------------------------------
[CVE-ID]
CVE-2023-40953
------------------------------------------
[Description]
iCMS 7.0.16 is vulnerable to Cross-Site Request Forgery (CSRF).
[CVE-ID]
CVE-2023-39805
------------------------------------------
[Description]
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the where parameter at admincp.php.
------------------------------------------
[CVE-ID]
CVE-2023-39806
------------------------------------------
[Description]
iCMS v7.0.16 was discovered to contain a SQL injection vulnerability via the bakupdata function.
------------------------------------------