Note:
This project will be discontinued after December 13, 2021. [more]
Product:
S\-Cms
(S\-Cms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 41 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-12-31 | CVE-2023-7189 | A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | S\-Cms | 8.8 | ||
| 2023-12-31 | CVE-2023-7190 | A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | S\-Cms | 8.8 | ||
| 2023-12-31 | CVE-2023-7191 | A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | S\-Cms | 8.8 | ||
| 2018-12-26 | CVE-2018-20476 | An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter. | S\-Cms | 6.1 | ||
| 2018-12-26 | CVE-2018-20477 | An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field. | S\-Cms | 9.8 | ||
| 2024-01-04 | CVE-2023-29962 | S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. | S\-Cms | 6.5 | ||
| 2023-12-21 | CVE-2023-51051 | S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php. | S\-Cms | 9.8 | ||
| 2023-12-21 | CVE-2023-51052 | S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php. | S\-Cms | 9.8 | ||
| 2023-12-21 | CVE-2023-51049 | S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php. | S\-Cms | 9.8 | ||
| 2023-12-21 | CVE-2023-51048 | S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php. | S\-Cms | 9.8 |