Product
s cms s cms
48 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-29962
CVE-2023-7191
CVE-2023-7190
CVE-2023-7189
CVE-2023-51052
CVE-2023-51051
CVE-2023-51050
CVE-2023-51049
CVE-2023-51048
CVE-2023-29963
CVE-2022-4377
CVE-2022-23336
CVE-2020-20426
CVE-2020-20425
CVE-2020-19954
CVE-2021-37270
CVE-2020-19158
CVE-2020-20340
CVE-2020-19046
CVE-2020-20701
CVE-2020-20700
CVE-2020-20699
CVE-2020-20698
CVE-2019-17368
CVE-2019-16312
CVE-2019-10708
CVE-2019-10237
CVE-2019-9925
CVE-2019-9040
CVE-2019-6805
CVE-2018-20480
CVE-2018-20479
CVE-2018-20478
CVE-2018-20477
CVE-2018-20476
CVE-2018-20018
CVE-2018-19332
CVE-2018-19331
CVE-2018-19145
CVE-2018-18887
CVE-2018-18427
CVE-2018-18426
CVE-2010-4772
CVE-2010-4771
CVE-2009-1502
CVE-2009-0864
CVE-2009-0863
CVE-2009-0330
all versions
S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.
all versions
A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown pa
all versions
A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issu
all versions
A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an u
all versions
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php.
all versions
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php.
all versions
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php.
all versions
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php.
all versions
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php.
all versions
S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php.
all versions
A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an u
all versions
S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.
all versions
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
all versions
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
all versions
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary
all versions
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulner
all versions
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Tit
all versions
A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive data
all versions
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page=
all versions
A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scrip
all versions
A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scr
all versions
A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a craft
all versions
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP
all versions
S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.
all versions
s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.
all versions
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter.
all versions
S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI,
all versions
S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.
all versions
S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue
all versions
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
all versions
An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter.
all versions
An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter.
all versions
An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownNam
all versions
An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field.
all versions
An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter.
all versions
S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.
all versions
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&ac
all versions
An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter.
all versions
An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter.
all versions
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).
all versions
s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php.
all versions
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the
all versions
Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2.5 allows remote attackers to inject arbitrary web script or
all versions
SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id par
all versions
Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbit
all versions
S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login c
all versions
SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands
all versions
Directory traversal vulnerability in index.php in Simple Content Management System (SCMS) 1 allows remote attackers to include and