Note:
This project will be discontinued after December 13, 2021. [more]
Product:
S\-Cms
(S\-Cms)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 41 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2021-07-30 | CVE-2020-20698 | A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file. | S\-Cms | 7.2 | ||
| 2021-07-30 | CVE-2020-20699 | A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings. | S\-Cms | 4.8 | ||
| 2021-07-30 | CVE-2020-20700 | A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box. | S\-Cms | 4.8 | ||
| 2021-07-30 | CVE-2020-20701 | A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | S\-Cms | 4.8 | ||
| 2019-10-09 | CVE-2019-17368 | S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter. | S\-Cms | N/A | ||
| 2019-09-14 | CVE-2019-16312 | s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. | S\-Cms | N/A | ||
| 2019-03-22 | CVE-2019-9925 | S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. | S\-Cms | 6.1 | ||
| 2019-02-23 | CVE-2019-9040 | S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332. | S\-Cms | 8.8 | ||
| 2019-01-25 | CVE-2019-6805 | SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter. | S\-Cms | 9.8 | ||
| 2019-04-02 | CVE-2019-10708 | S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. | S\-Cms | 9.8 |