Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
s-cms vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-20699
A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.
S-cms S-cms 3.0
3.5
CVSSv2
CVE-2020-20700
A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box.
S-cms S-cms 3.0
7.5
CVSSv2
CVE-2022-23336
S-CMS v5.0 exists to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.
S-cms S-cms 5.0
6.8
CVSSv2
CVE-2019-9040
S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.
S-cms S-cms 3.0
5
CVSSv2
CVE-2018-20018
S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.
S-cms S-cms 3.0
4.3
CVSSv2
CVE-2018-20476
An issue exists in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter.
S-cms S-cms 3.0
7.5
CVSSv2
CVE-2018-20477
An issue exists in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field.
S-cms S-cms 3.0
5
CVSSv2
CVE-2018-20478
An issue exists in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value.
S-cms S-cms 1.0
7.5
CVSSv2
CVE-2018-20479
An issue exists in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter.
S-cms S-cms 1.0
7.5
CVSSv2
CVE-2018-20480
An issue exists in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter.
S-cms S-cms 1.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »