Skip to main content

S Cms CVE-2023-29962

MEDIUM
Path Traversal (CWE-22)
2024-01-04 cve@mitre.org
6.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

3
Analysis Generated
Mar 28, 2026 - 19:33 vuln.today
PoC Detected
Jun 03, 2025 - 15:15 vuln.today
Public exploit code
CVE Published
Jan 04, 2024 - 06:15 nvd
MEDIUM 6.5

DescriptionCVE.org

S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.

AnalysisAI

S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Path Traversal (CWE-22), which allows attackers to access files and directories outside the intended path. S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. Affected products include: S-Cms.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate and canonicalize file paths. Use chroot or sandboxing. Reject input containing path separators or '../' sequences.

More in S Cms

View all
CVE-2019-10708 CRITICAL POC
9.8 Apr 02

S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. Rated critical severity (CVSS 9.8), t

CVE-2019-6805 CRITICAL POC
9.8 Jan 25

SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter. Rated critical severity (CVSS

CVE-2018-20480 CRITICAL POC
9.8 Dec 26

An issue was discovered in S-CMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no

CVE-2018-20479 CRITICAL POC
9.8 Dec 26

An issue was discovered in S-CMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no

CVE-2018-20477 CRITICAL POC
9.8 Dec 26

An issue was discovered in S-CMS 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no

CVE-2018-18887 CRITICAL POC
9.8 Nov 01

S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). Rated critical

CVE-2018-18427 CRITICAL POC
9.8 Oct 17

s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php. Rated

CVE-2019-10237 HIGH POC
8.8 Mar 27

S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&l

CVE-2018-19332 HIGH POC
8.8 Nov 17

An issue was discovered in S-CMS v1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no au

CVE-2018-18426 HIGH POC
8.8 Oct 17

s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow va

CVE-2018-20478 HIGH POC
7.5 Dec 26

An issue was discovered in S-CMS 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no aut

CVE-2018-20018 HIGH POC
7.5 Dec 10

S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI. Rated hig

Share

CVE-2023-29962 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy