Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
s-cms vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2018-19332
An issue exists in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI.
S-cms S-cms 1.5
9.8
CVSSv3
CVE-2023-51050
S-CMS v5.0 exists to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php.
S-cms S-cms 5.0
7.2
CVSSv3
CVE-2020-20698
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows malicious users to getshell via modification of a PHP file.
S-cms S-cms 3.0
6.1
CVSSv3
CVE-2018-19145
An issue exists in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter.
S-cms S-cms 1.5
8.8
CVSSv3
CVE-2018-18426
s-cms 3.0 allows remote malicious users to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.
S-cms S-cms 3.0
9.8
CVSSv3
CVE-2018-18427
s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php.
S-cms S-cms 3.0
9.8
CVSSv3
CVE-2018-18887
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).
S-cms S-cms 1.0
9.8
CVSSv3
CVE-2019-6805
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
S-cms S-cms 3.0
5.4
CVSSv3
CVE-2022-4377
A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack...
S-cms S-cms 5.0
6.1
CVSSv3
CVE-2019-17368
S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.
S-cms S-cms 1.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
NEXT »