CVE-2018-9924

Name of the Vulnerable Software and Affected Versions idreamsoft iCMS versions prior to 7.0.8

Description An issue exists in the software where SQL injection is possible. This occurs via the pid array parameter in an "admincp.php?app=tag&do=save&frame=iPHP" request.

Recommendations For versions prior to 7.0.8, update to version 7.0.8 or later to resolve the issue.