CVE-2018-16320

Name of the Vulnerable Software and Affected Versions idreamsoft iCMS version 7.0.11

Description The issue allows for Directory Traversal, resulting in the execution of arbitrary PHP code from a ZIP file. This can be achieved through the admincp.php application, specifically by accessing the app=config parameter.

Recommendations For idreamsoft iCMS version 7.0.11, consider restricting access to the admincp.php application and the app=config parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.