CVE-2019-17583

Name of the Vulnerable Software and Affected Versions idreamsoft iCMS version 7.0.15

Description The issue allows remote attackers to cause a denial of service due to resource consumption. This can be achieved by sending a query for many comments, for example, through the admincp.php?app=comment&perpage= endpoint followed by a large positive integer.

Recommendations For idreamsoft iCMS version 7.0.15, consider restricting access to the admincp.php?app=comment&perpage= endpoint to minimize the risk of exploitation. As a temporary workaround, limit the perpage parameter to prevent large positive integers from being processed. At the moment, there is no information about a newer version that contains a fix for this vulnerability.