Skip to main content

Sdcms

5 CVEs product

Monthly

CVE-2019-9652 HIGH POC This Week

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Sdcms
NVD
CVSS 3.0
8.8
EPSS
0.6%
CVE-2019-9651 CRITICAL POC Act Now

An issue was discovered in SDCMS V1.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE Sdcms
NVD
CVSS 3.0
9.8
EPSS
2.6%
CVE-2018-19748 HIGH POC This Week

app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Sdcms
NVD GitHub
CVSS 3.0
7.5
EPSS
2.0%
CVE-2018-19520 HIGH POC This Week

An issue was discovered in SDCMS 1.6 with PHP 5.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP Sdcms
NVD GitHub
CVSS 3.0
8.8
EPSS
2.9%
CVE-2018-11004 HIGH POC This Week

An issue was discovered in SDcms v1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Sdcms
NVD GitHub
CVSS 3.0
8.8
EPSS
0.6%
EPSS 1% CVSS 8.8
HIGH POC This Week

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP CSRF Sdcms
NVD
EPSS 3% CVSS 9.8
CRITICAL POC Act Now

An issue was discovered in SDCMS V1.7. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection PHP RCE +1
NVD
EPSS 2% CVSS 7.5
HIGH POC This Week

app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal PHP Sdcms
NVD GitHub
EPSS 3% CVSS 8.8
HIGH POC This Week

An issue was discovered in SDCMS 1.6 with PHP 5.x. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE PHP +1
NVD GitHub
EPSS 1% CVSS 8.8
HIGH POC This Week

An issue was discovered in SDcms v1.5. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Sdcms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy