PT-2018-14580 · Icms · Icms

Published: 2018-10-27 · Updated: 2018-12-04 · CVE-2018-18702

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: iCMS version 7.0.11

Description: The issue is an SQL injection in the spider.admincp.php file of iCMS. It occurs because the content of upfile is base64-decoded, deserialized, and then used for database insertion, reached through the admincp.php?app=spider&do=import rule-import endpoint.

Recommendations: For iCMS version 7.0.11, consider restricting access to the spider.admincp.php file and to the admincp.php?app=spider&do=import endpoint to minimize the risk of exploitation. Avoid using the upfile content for database insertion until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
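The data flow described above, shown as an added illustration in PHP; this is not iCMS source code but a hypothetical import handler modelled on the description, with a hardened form beside it. The table name spider_rule, the fields name and url, and the $pdo connection are assumptions.

```php
<?php
// Added example, not iCMS code. Hypothetical "import rule" handler showing the
// unsafe flow the advisory describes and a hardened replacement.
// Assumed: $pdo is a PDO connection; $upfile is the uploaded rule file's content.

// UNSAFE pattern (modelled on the description, not the actual iCMS source):
// base64-decode -> unserialize -> string-built INSERT. Every decoded field reaches
// the SQL text unescaped, and unserialize() on untrusted data is itself a risk.
function import_rule_unsafe(PDO $pdo, string $upfile): void {
    $rule = unserialize(base64_decode($upfile));
    $pdo->exec("INSERT INTO spider_rule (name, url) VALUES ('{$rule['name']}', '{$rule['url']}')");
}

// Hardened pattern: no unserialize(), strict schema check, prepared statement.
function import_rule_safe(PDO $pdo, string $upfile): bool {
    $raw = base64_decode($upfile, true);           // strict mode rejects non-base64 input
    if ($raw === false) { return false; }
    $rule = json_decode($raw, true);               // plain data format, no object instantiation
    if (!is_array($rule)) { return false; }

    // Allowlist of columns the import may set, each with its own validation pattern.
    $allowed = [
        'name' => '/^[\w .-]{1,64}$/',
        'url'  => '/^https?:\/\/[^\s\'"]{1,512}$/',
    ];
    $row = [];
    foreach ($allowed as $field => $pattern) {
        if (!isset($rule[$field]) || !is_string($rule[$field]) || !preg_match($pattern, $rule[$field])) {
            return false;                          // reject the whole import on any bad field
        }
        $row[$field] = $rule[$field];
    }

    // Values are bound as parameters, never concatenated, so they cannot alter the SQL.
    $stmt = $pdo->prepare('INSERT INTO spider_rule (name, url) VALUES (:name, :url)');
    return $stmt->execute($row);
}
```

Until a fixed version is available, the access restriction in the recommendations above still applies; the hardened handler only removes the injection path, not the need to keep the admin endpoint off untrusted networks.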

Exploit

SQL injection

Related Identifiers

CVE-2018-18702

Affected Products

Icms