SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter.
8.7AI Score
0.001EPSS
S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.
7.3AI Score
0.006EPSS
Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.
7.4AI Score
0.011EPSS
SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.
8.7AI Score
0.002EPSS
Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter to viewforum.php.
5.9AI Score
0.005EPSS
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.
8.8CVSS
8.8AI Score
0.004EPSS
s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php.
9.8CVSS
9.7AI Score
0.002EPSS
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).
9.8CVSS
9.8AI Score
0.002EPSS
An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter.
6.1CVSS
5.9AI Score
0.001EPSS
An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter.
7.5CVSS
7.8AI Score
0.001EPSS
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI.
8.8CVSS
8.6AI Score
0.001EPSS
S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.
7.5CVSS
8AI Score
0.002EPSS
An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter.
6.1CVSS
5.9AI Score
0.001EPSS
An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field.
9.8CVSS
9.8AI Score
0.002EPSS
An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value.
7.5CVSS
7.5AI Score
0.006EPSS
An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter.
9.8CVSS
9.8AI Score
0.002EPSS
An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter.
9.8CVSS
9.8AI Score
0.002EPSS
S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040.
8.8CVSS
8.7AI Score
0.001EPSS
9.8CVSS
9.9AI Score
0.002EPSS
6.1CVSS
6AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
9.8CVSS
9.8AI Score
0.002EPSS
S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.
8.8CVSS
8.6AI Score
0.001EPSS
6.1CVSS
6AI Score
0.001EPSS
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.
5.4CVSS
5.7AI Score
0.001EPSS
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
5.4CVSS
5.7AI Score
0.001EPSS
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.
7.5CVSS
7.3AI Score
0.003EPSS
A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.
7.5CVSS
7.7AI Score
0.002EPSS
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
6.1CVSS
5.9AI Score
0.001EPSS
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
6.1CVSS
5.9AI Score
0.001EPSS
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.
7.2CVSS
7.3AI Score
0.003EPSS
A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.
4.8CVSS
5.1AI Score
0.001EPSS
A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box.
4.8CVSS
5AI Score
0.001EPSS
A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
4.8CVSS
5AI Score
0.001EPSS
S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.
9.8CVSS
9.7AI Score
0.002EPSS
A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched re...
5.4CVSS
5.2AI Score
0.001EPSS
6.5CVSS
6.5AI Score
0.001EPSS
S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php.
7.2CVSS
7.4AI Score
0.002EPSS
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php.
9.8CVSS
9.7AI Score
0.001EPSS
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php.
9.8CVSS
9.7AI Score
0.001EPSS
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php.
9.8CVSS
9.7AI Score
0.001EPSS
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php.
9.8CVSS
9.7AI Score
0.001EPSS
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php.
9.8CVSS
9.7AI Score
0.001EPSS
A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the publi...
8.8CVSS
8.9AI Score
0.001EPSS
A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection. The exploit has bee...
8.8CVSS
8.8AI Score
0.001EPSS
A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public and may be used. The...
8.8CVSS
8.8AI Score
0.001EPSS