Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
s-cms vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-4377
A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack...
S-cms S-cms 5.0
7.5
CVSSv2
CVE-2022-23336
S-CMS v5.0 exists to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.
S-cms S-cms 5.0
4.3
CVSSv2
CVE-2020-20426
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
S-cms S-cms 5.0
4.3
CVSSv2
CVE-2020-20425
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
S-cms S-cms 5.0
5
CVSSv2
CVE-2020-19954
An XML External Entity (XXE) vulnerability exists in /api/notify.php in S-CMS 3.0 which allows malicious users to read arbitrary files.
S-cms S-cms 3.0
10
CVSSv2
CVE-2021-37270
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.
S-cms Cms Enterprise Website Construction System 5.0
3.5
CVSSv2
CVE-2020-19158
Cross Site Scripting (XSS) in S-CMS build 20191014 and previous versions allows remote malicious users to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
S-cms S-cms 2019-10-14
5
CVSSv2
CVE-2020-20340
A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows malicious users to access sensitive database information.
S-cms S-cms 1.0
3.5
CVSSv2
CVE-2020-19046
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote malicious users to execute arbitrary code via the component '/admin/tpl.php?page='.
S-cms S-cms 1.0
6.5
CVSSv2
CVE-2020-20698
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows malicious users to getshell via modification of a PHP file.
S-cms S-cms 3.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
XXE
CVE-2024-34490
SQL injection
CVE-2024-34488
CVE-2024-4507
CVE-2023-7028
CVE-2024-23187
TCP
CVE-2024-4439
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »