Skip to main content

Icms

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2025-15394 LOW POC Monitor

Code injection in iCMS up to version 8.0.0 allows remote attackers with high privileges to inject arbitrary code via the config POST parameter in the ConfigAdmincp.php component. The vulnerability affects the Save function's parameter handling and has publicly available exploit code, though the extremely low CVSS score (2.0) reflects the requirement for high-privileged authenticated access, limiting real-world risk despite public exploit availability.

PHP Code Injection Icms
NVD VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-15394
EPSS 0% CVSS 2.0
LOW POC Monitor

Code injection in iCMS up to version 8.0.0 allows remote attackers with high privileges to inject arbitrary code via the config POST parameter in the ConfigAdmincp.php component. The vulnerability affects the Save function's parameter handling and has publicly available exploit code, though the extremely low CVSS score (2.0) reflects the requirement for high-privileged authenticated access, limiting real-world risk despite public exploit availability.

PHP Code Injection Icms
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy