CVE-2025-15394 | iCMS up to 8.0.0 POST Parameter ConfigAdmincp.php save config code injection

Inserito da Angelo Barbosa | Dic 31, 2025 | CVE

A vulnerability described as critical has been identified in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection.

This vulnerability is reported as CVE-2025-15394. The attack can be launched remotely. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-15394 | iCMS up to 8.0.0 POST Parameter ConfigAdmincp.php save config code injection

Post correlati

CVE-2024-23368 | Qualcomm Snapdragon up to QCN50 SMEM Partition buffer overflow

CVE-2024-25217 | Online Medicine Ordering System 1.0 id sql injection

CVE-2024-48544 | Sylvania Smart Home 3.0.3 Firmware Update information disclosure

CVE-2024-52328 | ECOVACS Robot Lawn Mower/Robot Vacuum /data permission assignment