Latest s-cms s-cms Vulnerabilities

CVE-2023-29962
S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.
S-cms S-cms=5.0
CVE-2023-7191
S-CMS reg.php sql injection
=1.0
=1.5
=2.0-build_20220529-20231006
CVE-2023-7190
S-CMS sql injection
=1.0
=1.5
=2.0-build_20220529-20231006
CVE-2023-7189
S-CMS sql injection
=1.0
=1.5
=2.0-build_20220529-20231006
CVE-2023-51050
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php.
S-cms S-cms=5.0
CVE-2023-51051
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php.
S-cms S-cms=5.0
CVE-2023-51049
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php.
S-cms S-cms=5.0
CVE-2023-51052
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php.
S-cms S-cms=5.0
CVE-2023-51048
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php.
S-cms S-cms=5.0
CVE-2023-29963
S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php.
S-cms S-cms=5.0
CVE-2022-23336
S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.
S-cms S-cms=5.0
CVE-2020-20425
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
S-cms S-cms=5.0
CVE-2020-20426
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
S-cms S-cms=5.0
CVE-2020-19954
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.
S-cms S-cms=3.0
CVE-2020-19158
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
S-cms S-cms=2019-10-14
CVE-2020-20340
A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.
S-cms S-cms=1.0
CVE-2020-19046
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.
S-cms S-cms=1.0
CVE-2020-20698
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.
S-cms S-cms=3.0
CVE-2020-20699
S-cms S-cms=3.0
CVE-2020-20700
A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text b...
S-cms S-cms=3.0
CVE-2019-17368
S-cms S-cms=1.5
CVE-2019-16312
s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.
S-cms S-cms=3.0
CVE-2019-10708
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter.
S-cms S-cms=1.0
CVE-2019-10237
S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040.
S-cms S-cms=1.0
CVE-2019-9925
S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.
S-cms S-cms=1.0
CVE-2019-9040
S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.
S-cms S-cms=3.0
CVE-2018-20478
An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName...
S-cms S-cms=1.0
CVE-2018-20477
An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field.
S-cms S-cms=3.0
=3.0
CVE-2018-20480
An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter.
S-cms S-cms=1.0
CVE-2018-20479
An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter.
S-cms S-cms=1.0
CVE-2018-20476
An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter.
S-cms S-cms=3.0
=3.0
CVE-2018-20018
S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.
S-cms S-cms=3.0
CVE-2018-19331
An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter.
S-cms S-cms=1.5
CVE-2018-19332
S-cms S-cms=1.5
CVE-2018-19145
An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter.
S-cms S-cms=1.5
CVE-2018-18887
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).
S-cms S-cms=1.0
CVE-2018-18427
s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php.
S-cms S-cms=3.0
CVE-2018-18426
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.
S-cms S-cms=3.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203