Back to Explorer

CVE-2025-15394

PUBLISHED
12/31/2025 1af790b2-7ee1-4545-860a-a788eba489b5

Technical Description

A vulnerability was detected in iCMS up to 8.0.0. Affected is the function Save of the file app/config/ConfigAdmincp.php of the component POST Parameter Handler. The manipulation of the argument config results in code injection. The attack can be launched remotely. The exploit is now public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Products

n/a
iCMS
8.0

References

https://vuldb.com/?id.339163
VDB-339163 | iCMS POST Parameter ConfigAdmincp.php save code injection
https://vuldb.com/?ctiid.339163
VDB-339163 | CTI Indicators (IOB, IOC, TTP, IOA)
https://vuldb.com/?submit.719029
Submit #719029 | ICMS https://www.icmsdev.com/ 8.0.0 Code Injection
https://note-hxlab.wetolink.com/share/QWuWZeAmzUdm
External Link

Impact Analysis

Attack Vector Network
Attack Complexity Low
Privileges Required None