PT-2025-54436 · Icms · Icms
Hiro · Published 2025-12-31 · Updated 2025-12-31 · CVE-2025-15394
CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
iCMS versions up to 8.0.0
Description
A code injection issue exists in iCMS due to manipulation of the config argument within the Save function located in the file app/config/ConfigAdmincp.php, part of the POST Parameter Handler component. This allows for remote attacks. The exploit is publicly available, and the vendor was notified but did not respond.
Recommendations
Versions prior to 8.0.0 should be updated.
Exploit
Fix
Special Elements Injection
Code Injection
Related Identifiers
Affected Products
Icms