Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sdcms vulnerabilities and exploits
(subscribe to this query)
605
VMScore
CVE-2019-9652
There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter.
Sdcms Sdcms 1.7
445
VMScore
CVE-2018-19748
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL ...
Sdcms Sdcms 1.6
668
VMScore
CVE-2019-9651
An issue exists in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the check_bad() function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions (such as "eval") are blocked but others (such...
Sdcms Sdcms 1.7
605
VMScore
CVE-2018-11004
An issue exists in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote malicious users to add administrator accounts via m=admin&c=admin&a=add.
Sdcms Sdcms 1.5
578
VMScore
CVE-2018-19520
An issue exists in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by lever...
Sdcms Sdcms 1.6
Php Php
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581
reflected XSS
CVE-2024-26925
CVE-2024-27956
LFI
CVE-2024-3607
CVE-2024-3107
CVE-2024-3295
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started