Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
s-cms vulnerabilities and exploits
(subscribe to this query)
5.4
CVSSv3
CVE-2022-4377
A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack...
S-cms S-cms 5.0
9.8
CVSSv3
CVE-2022-23336
S-CMS v5.0 exists to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.
S-cms S-cms 5.0
6.1
CVSSv3
CVE-2020-20425
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
S-cms S-cms 5.0
6.1
CVSSv3
CVE-2020-20426
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
S-cms S-cms 5.0
7.5
CVSSv3
CVE-2020-19954
An XML External Entity (XXE) vulnerability exists in /api/notify.php in S-CMS 3.0 which allows malicious users to read arbitrary files.
S-cms S-cms 3.0
9.8
CVSSv3
CVE-2021-37270
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.
S-cms Cms Enterprise Website Construction System 5.0
5.4
CVSSv3
CVE-2020-19158
Cross Site Scripting (XSS) in S-CMS build 20191014 and previous versions allows remote malicious users to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
S-cms S-cms 2019-10-14
7.5
CVSSv3
CVE-2020-20340
A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows malicious users to access sensitive database information.
S-cms S-cms 1.0
5.4
CVSSv3
CVE-2020-19046
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote malicious users to execute arbitrary code via the component '/admin/tpl.php?page='.
S-cms S-cms 1.0
7.2
CVSSv3
CVE-2020-20698
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows malicious users to getshell via modification of a PHP file.
S-cms S-cms 3.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
validation
CVE-2024-34413
CVE-2024-34089
CVE-2024-33408
local
SQL
CVE-2024-0402
CVE-2024-33910
CVE-2024-31848
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »