Filtered by vendor S-cms
Subscriptions
Total
42 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-7191 | 1 S-cms | 1 S-cms | 2024-11-21 | 5.5 Medium |
A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-7190 | 1 S-cms | 1 S-cms | 2024-11-21 | 5.5 Medium |
A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-7189 | 1 S-cms | 1 S-cms | 2024-11-21 | 5.5 Medium |
A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | ||||
CVE-2023-51052 | 1 S-cms | 1 S-cms | 2024-11-21 | 9.8 Critical |
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php. | ||||
CVE-2023-51051 | 1 S-cms | 1 S-cms | 2024-11-21 | 9.8 Critical |
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php. | ||||
CVE-2023-51050 | 1 S-cms | 1 S-cms | 2024-11-21 | 9.8 Critical |
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php. | ||||
CVE-2023-51049 | 1 S-cms | 1 S-cms | 2024-11-21 | 9.8 Critical |
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php. | ||||
CVE-2023-51048 | 1 S-cms | 1 S-cms | 2024-11-21 | 9.8 Critical |
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php. | ||||
CVE-2023-29963 | 1 S-cms | 1 S-cms | 2024-11-21 | 7.2 High |
S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. | ||||
CVE-2023-29962 | 1 S-cms | 1 S-cms | 2024-11-21 | 6.5 Medium |
S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. | ||||
CVE-2022-4377 | 1 S-cms | 1 S-cms | 2024-11-21 | 3.5 Low |
A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability. | ||||
CVE-2022-23336 | 1 S-cms | 1 S-cms | 2024-11-21 | 9.8 Critical |
S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. | ||||
CVE-2021-37270 | 1 S-cms | 1 Cms Enterprise Website Construction System | 2024-11-21 | 9.8 Critical |
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority. | ||||
CVE-2020-20701 | 1 S-cms | 1 S-cms | 2024-11-21 | 4.8 Medium |
A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
CVE-2020-20700 | 1 S-cms | 1 S-cms | 2024-11-21 | 4.8 Medium |
A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box. | ||||
CVE-2020-20699 | 1 S-cms | 1 S-cms | 2024-11-21 | 4.8 Medium |
A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings. | ||||
CVE-2020-20698 | 1 S-cms | 1 S-cms | 2024-11-21 | 7.2 High |
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file. | ||||
CVE-2020-20426 | 1 S-cms | 1 S-cms | 2024-11-21 | 6.1 Medium |
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. | ||||
CVE-2020-20425 | 1 S-cms | 1 S-cms | 2024-11-21 | 6.1 Medium |
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. | ||||
CVE-2020-20340 | 1 S-cms | 1 S-cms | 2024-11-21 | 7.5 High |
A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information. |