s-cms vulnerabilities and exploits

7.5
CVSSv2
CVE-2019-6805

SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter....

4.3
CVSSv2
CVE-2019-17368

S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter....

5
CVSSv2
CVE-2018-19331

An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter....

5
CVSSv2
CVE-2018-20478

An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value....

7.5
CVSSv2
CVE-2009-0863

SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter....

MatteoiammarroneS-cms
7.5
CVSSv2
CVE-2010-4771

SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter....

MatteoiammarroneS-cms
4.3
CVSSv2
CVE-2018-19145

An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter....

4.3
CVSSv2
CVE-2018-20476

An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter....

4.3
CVSSv2
CVE-2019-9925

S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter....

6.8
CVSSv2
CVE-2019-10237

S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040....