CVE-2022-41496 iCMS v7.0.16 had an SSRF attack via the admincp.php url parameter.

SSRFs allow attackers to execute arbitrary code on a server when a user follows a malicious link.

CVE-2018-17346 at XSS via url parameter at admincp.php.

CVE-2018-17348 at XSS via url parameter at admincp.php.

CVE-2018-17349 at XSS via url parameter at admincp.php.

CVE-2018-17350 at XSS via url parameter at admincp.php.

CVE-2018-17351 at XSS via url parameter at admincp.php.

CVE-2018-17352 at XSS via url parameter at admincp.php.

CVE-2018-17353 at XSS via url parameter at admincp.php.

CVE-2018-17354 at XSS via url parameter at admincp.php.

CVE-2018-17355 at XSS via url parameter at admincp.php.

CVE-2018-17356 at XSS via url parameter at admincp.php.

CVE-2018-17357 at XSS via url parameter at admincp.php.

CVE-2018-17358 at XSS via url parameter at admincp.php.

CVE-2018-17359 at XSS via url parameter at admincp.php.

CVE-2018-17360 at XSS via url parameter at admincp.php.

There's more information available on the Hexer Labs website a target="_blank" href="http://hexerlab

.com/">Hexer Labs website.

A target="_blank" href="http://hexerlab.com/">Hexer Labs website contains the following vulnerabilities:

CVE-2018-17360 at XSS via url parameter at admincp.php.
CVE-2018-17359 at XSS via url parameter at admincp.php.

Coverage

- CVE-2018-17356 at XSS via url parameter at admincp.php.

Timeline

Published on: 10/13/2022 21:15:00 UTC
Last modified on: 10/14/2022 09:28:00 UTC

References

• https://github.com/jayus0821/insight/blob/master/iCMS%20SSRF.md
• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-41496