Note:
This project will be discontinued after December 13, 2021. [more]
Product:
S\-Cms
(S\-Cms)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 41 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2023-12-21 | CVE-2023-51050 | S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php. | S\-Cms | 9.8 | ||
2022-12-09 | CVE-2022-4377 | A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability. | S\-Cms | 5.4 | ||
2023-05-05 | CVE-2023-29963 | S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. | S\-Cms | 7.2 | ||
2022-02-14 | CVE-2022-23336 | S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. | S\-Cms | 9.8 | ||
2021-12-22 | CVE-2020-20425 | S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. | S\-Cms | 6.1 | ||
2021-12-22 | CVE-2020-20426 | S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. | S\-Cms | 6.1 | ||
2021-10-14 | CVE-2020-19954 | An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files. | S\-Cms | 7.5 | ||
2021-09-15 | CVE-2020-19158 | Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'. | S\-Cms | 5.4 | ||
2021-09-01 | CVE-2020-20340 | A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information. | S\-Cms | 7.5 | ||
2021-08-31 | CVE-2020-19046 | Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='. | S\-Cms | 5.4 |