What is the severity of CVE-2023-7191?

CVE-2023-7191 is classified as a critical vulnerability.

How do I fix CVE-2023-7191?

To fix CVE-2023-7191, upgrade S-CMS to a patched version that addresses the SQL injection issue.

What software versions are affected by CVE-2023-7191?

CVE-2023-7191 affects S-CMS versions up to 2.0_build20220529-20231006, including versions 1.0 and 1.5.

What type of vulnerability is CVE-2023-7191?

CVE-2023-7191 is an SQL injection vulnerability found in the member/reg.php file.

Is CVE-2023-7191 publicly disclosed?

Yes, the exploit for CVE-2023-7191 has been disclosed to the public.

Vulnerability/
CVE-2023-7191

high

8.8

CWE

EPSS

0.064%

31/12/2023

2/8/2024

CVE-2023-7191: S-CMS reg.php sql injection

First published: Sun Dec 31 2023(Updated: )

A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Credit: cna@vuldb.com

Affected Software	Affected Version	How to fix
Simasy CMS	=1.0
Simasy CMS	=1.5
Simasy CMS	=2.0-build_20220529-20231006

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-7191?
CVE-2023-7191 is classified as a critical vulnerability.
How do I fix CVE-2023-7191?
To fix CVE-2023-7191, upgrade S-CMS to a patched version that addresses the SQL injection issue.
What software versions are affected by CVE-2023-7191?
CVE-2023-7191 affects S-CMS versions up to 2.0_build20220529-20231006, including versions 1.0 and 1.5.
What type of vulnerability is CVE-2023-7191?
CVE-2023-7191 is an SQL injection vulnerability found in the member/reg.php file.
Is CVE-2023-7191 publicly disclosed?
Yes, the exploit for CVE-2023-7191 has been disclosed to the public.

agent/type
agent/first-publish-date
agent/severity
agent/title
agent/weakness
agent/author
agent/references
agent/description
collector/epss-latest
source/FIRST
agent/epss
agent/event
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/source
agent/softwarecombine
agent/tags
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/s-cms
canonical/simasy cms
version/simasy cms/1.0
version/simasy cms/1.5
version/simasy cms/2.0-build_20220529-20231006

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.