s-cms s-cms 3.0 vulnerabilities and exploits

(subscribe to this query)

6.5

CVSSv2

A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows malicious users to getshell via modification of a PHP file.

S-cms S-cms 3.0

3.5

CVSSv2

A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload.

S-cms S-cms 3.0

4.3

CVSSv2

s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.

S-cms S-cms 3.0

5

CVSSv2

An XML External Entity (XXE) vulnerability exists in /api/notify.php in S-CMS 3.0 which allows malicious users to read arbitrary files.

S-cms S-cms 3.0

6.8

CVSSv2

S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.

S-cms S-cms 3.0

7.5

CVSSv2

SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.

S-cms S-cms 3.0

5

CVSSv2

S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.

S-cms S-cms 3.0

9

CVSSv2

s-cms 3.0 allows remote malicious users to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.

S-cms S-cms 3.0

4.3

CVSSv2

An issue exists in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter.

S-cms S-cms 3.0

7.5

CVSSv2

An issue exists in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field.

S-cms S-cms 3.0

Get Started

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook