CVE-2018-20018: SQL Injection
First published: Mon Dec 10 2018(Updated: )
S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| S-cms S-cms | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2018-20018?
CVE-2018-20018 is a vulnerability that allows SQL injection in S-CMS V3.0 via the S_id parameter.
How can I exploit CVE-2018-20018?
We do not provide information on how to exploit vulnerabilities. It is recommended to patch or update affected software to mitigate the risk.
What is the severity of CVE-2018-20018?
CVE-2018-20018 has a severity rating of 7.5 (high).
How do I fix CVE-2018-20018?
To fix CVE-2018-20018, you should update your S-CMS installation to a version that is not vulnerable. It is recommended to apply a patch or upgrade to the latest version.
Where can I find more information about CVE-2018-20018?
You can find more information about CVE-2018-20018 at the following reference link: [https://github.com/QQ704568679/-/blob/master/README.md]
What is CWE-89?
CWE-89 is a weakness that refers to SQL injection vulnerabilities.
- collector/nvd-index
- vendor/s-cms
- canonical/s-cms s-cms
- version/s-cms s-cms/3.0