Severity by source
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
6DescriptionCVE.org
SSCMS v7.4.0 contains a SQL injection vulnerability in the stl:sqlContent tag where the queryString attribute is passed directly to database execution without parameterization or sanitization. Attackers can craft encrypted payloads submitted to the /api/stl/actions/dynamic endpoint to execute arbitrary SQL statements, leading to unauthorized database access, data disclosure, authentication bypass, data modification, or complete database compromise.
AnalysisAI
SQL injection in SSCMS v7.4.0 enables high-privileged attackers to execute arbitrary SQL statements via the stl:sqlContent tag's queryString attribute. Attackers with administrative access can craft encrypted payloads to the /api/stl/actions/dynamic endpoint, bypassing parameterization controls to achieve database compromise, authentication bypass, or complete data exfiltration. EPSS data not available; no confirmed active exploitation (CISA KEV negative); public exploit code availability unknown but detailed technical advisory published by VulnCheck increases weaponization risk.
Technical ContextAI
SSCMS (SiteServer CMS) is a .NET-based content management system maintained by SiteServer. The vulnerability exists in the STL (SiteServer Template Language) templating engine's stl:sqlContent tag, which allows dynamic database queries via the queryString attribute. The flaw arises from insufficient input sanitization before SQL execution - the system accepts encrypted payloads at the /api/stl/actions/dynamic endpoint without proper parameterized query implementation. This is a classic CWE-89 SQL injection vulnerability where user-controlled input flows directly into database commands. The CPE designation cpe:2.3:a:siteserver:sscms:*:*:*:*:*:*:*:* indicates the vulnerability affects the SiteServer SSCMS product line, with version 7.4.0 specifically confirmed vulnerable.
RemediationAI
Upgrade to a patched version of SSCMS beyond v7.4.0 when released by SiteServer; monitor the GitHub repository at https://github.com/siteserver/cms and issue tracker at https://github.com/siteserver/cms/issues/3891 for official vendor response and fix availability. No vendor-released patch version is confirmed in available data at time of analysis. As compensating controls until patch deployment: restrict administrative account access to trusted users only with strong MFA enforcement; audit all existing administrative accounts and disable unused ones; implement database-level query monitoring and alerting for suspicious SQL patterns originating from the SSCMS application user; consider disabling the stl:sqlContent tag functionality in template configurations if not required for production operations (note: this may break existing content features relying on dynamic queries); deploy web application firewall rules to inspect /api/stl/actions/dynamic endpoint traffic for SQL injection patterns, though encrypted payloads may evade signature-based detection; apply principle of least privilege to SSCMS database connection accounts to limit potential damage from successful exploitation.
An issue in the component /stl/actions/download?filePath of SSCMS v7.3.1 allows attackers to execute a directory travers
SSCMS 4.7.0's layerImage endpoint allows authenticated attackers to manipulate the filePaths parameter in LayerImageCont
SQL injection in SSCMS 7.4.0 via the tableHandWrite parameter in SitesAddController.Submit.cs allows authenticated remot
A path traversal vulnerability exists in SSCMS versions up to 7.4.0 within the PathUtils.RemoveParentPath function of th
SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component. R
SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Material Management comp
SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Column Management component. Ra
Reflected cross-site scripting in SSCMS v7.4.0 allows authenticated attackers to inject arbitrary JavaScript through cra
Same weakness CWE-89 – SQL Injection
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-26437