Server-Side Request Forgery (SSRF) in iCMS - CVE-2018-14514
Published: July 23, 2018 / Updated: August 8, 2020
Vulnerability identifier: #VU36828
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2018-14514
CWE-ID: CWE-918
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: iCMS
Affected software:
iCMS
iCMS
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
An SSRF vulnerability was discovered in idreamsoft iCMS V7.0.9 that allows attackers to read sensitive files, access an intranet, or possibly have unspecified other impact.
How to mitigate CVE-2018-14514
Install update from vendor's website.