CVE-2018-10117

Name of the Vulnerable Software and Affected Versions: idreamsoft iCMS version 7.0.7

Description: An issue was discovered in idreamsoft iCMS, where there is a CSRF vulnerability. This vulnerability can be exploited to add an admin account via the "admincp.php?app=members&do=save&frame=iPHP" endpoint. The admincp.php endpoint is used for administrative tasks, and the app=members and do=save parameters are related to member management. The frame=iPHP parameter is likely related to the framework or library used by the application.

Recommendations: For idreamsoft iCMS version 7.0.7, as a temporary workaround, consider implementing CSRF protection measures, such as token-based validation, to prevent unauthorized requests to the "admincp.php?app=members&do=save&frame=iPHP" endpoint. At the moment, there is no information about a newer version that contains a fix for this vulnerability.