Skip to main content

S Cms

32 CVEs product

Monthly

CVE-2023-29962 MEDIUM POC This Month

S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal S Cms
NVD GitHub
CVSS 3.1
6.5
EPSS
0.1%
CVE-2023-7191 HIGH This Week

A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-7190 HIGH This Week

A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-7189 HIGH This Week

A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD VulDB
CVSS 3.1
8.8
EPSS
0.5%
CVE-2023-51052 CRITICAL Act Now

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-51051 CRITICAL Act Now

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-51050 CRITICAL Act Now

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-51049 CRITICAL Act Now

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-51048 CRITICAL Act Now

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD
CVSS 3.1
9.8
EPSS
0.5%
CVE-2023-29963 HIGH POC This Week

S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP S Cms
NVD GitHub
CVSS 3.1
7.2
EPSS
1.6%
CVE-2022-4377 MEDIUM This Month

A vulnerability was found in S-CMS 5.0 Build 20220328. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS S Cms
NVD GitHub VulDB
CVSS 3.1
5.4
EPSS
0.4%
CVE-2020-20426 MEDIUM POC This Month

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-20425 MEDIUM POC This Month

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS S Cms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
0.9%
CVE-2019-17368 MEDIUM POC This Month

S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-16312 MEDIUM POC This Month

s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2019-10708 CRITICAL POC Act Now

S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2019-10237 HIGH POC This Week

S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF S Cms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-9925 MEDIUM POC This Month

S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD
CVSS 3.0
6.1
EPSS
0.8%
CVE-2019-9040 HIGH This Week

S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF S Cms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-6805 CRITICAL POC Act Now

SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD GitHub
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-20480 CRITICAL POC Act Now

An issue was discovered in S-CMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-20479 CRITICAL POC Act Now

An issue was discovered in S-CMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-20478 HIGH POC This Week

An issue was discovered in S-CMS 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP S Cms
NVD
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-20477 CRITICAL POC Act Now

An issue was discovered in S-CMS 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-20476 MEDIUM POC This Month

An issue was discovered in S-CMS 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-20018 HIGH POC This Week

S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi S Cms
NVD GitHub
CVSS 3.0
7.5
EPSS
1.2%
CVE-2018-19332 HIGH POC This Week

An issue was discovered in S-CMS v1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP S Cms
NVD
CVSS 3.0
8.8
EPSS
0.5%
CVE-2018-19331 HIGH This Week

An issue was discovered in S-CMS v1.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP S Cms
NVD
CVSS 3.0
7.5
EPSS
1.1%
CVE-2018-19145 MEDIUM POC This Month

An issue was discovered in S-CMS v1.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD
CVSS 3.0
6.1
EPSS
0.7%
CVE-2018-18887 CRITICAL POC Act Now

S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
CVSS 3.0
9.8
EPSS
1.1%
CVE-2018-18427 CRITICAL POC Act Now

s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
CVSS 3.0
9.8
EPSS
1.2%
CVE-2018-18426 HIGH POC This Week

s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP S Cms
NVD
CVSS 3.0
8.8
EPSS
2.4%
EPSS 0% CVSS 6.5
MEDIUM POC This Month

S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal S Cms
NVD GitHub
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL Act Now

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP SQLi S Cms
NVD
EPSS 2% CVSS 7.2
HIGH POC This Week

S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection PHP +1
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM This Month

A vulnerability was found in S-CMS 5.0 Build 20220328. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS S Cms
NVD GitHub VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD GitHub VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS S Cms
NVD GitHub VulDB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
EPSS 1% CVSS 8.8
HIGH POC This Week

S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF S Cms
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD
EPSS 1% CVSS 8.8
HIGH This Week

S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP CSRF S Cms
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in S-CMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in S-CMS 1.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

An issue was discovered in S-CMS 1.0. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure PHP S Cms
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in S-CMS 3.0. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in S-CMS 3.0. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi S Cms
NVD GitHub
EPSS 0% CVSS 8.8
HIGH POC This Week

An issue was discovered in S-CMS v1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP S Cms
NVD
EPSS 1% CVSS 7.5
HIGH This Week

An issue was discovered in S-CMS v1.5. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi PHP S Cms
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

An issue was discovered in S-CMS v1.5. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP S Cms
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi PHP S Cms
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy