22 matches found
EUVD-2018-10154
Malware in sbrugna...
EUVD-2020-11850
Malware in sbrugna...
EUVD-2018-13030
Malware in sbrugna...
CVE-2020-19954
An XML External Entity XXE vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files...
CVE-2020-19954
An XML External Entity XXE vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files...
XXE
An XML External Entity XXE vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files...
CVE-2020-19954
An XML External Entity XXE vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files...
CVE-2020-19954
CVE-2020-19954: An XML External Entity (XXE) vulnerability affects S-CMS 3.0, specifically the /api/notify.php endpoint, enabling an attacker to read arbitrary files. Root cause: XXE in XML processing. Documented impact across sources (NVD, CNVD, Red Hat). CVSS v3.1 base score 7.5 (HIGH); CVSS v...
S-CMS Cross-Site Scripting Vulnerability (CNVD-2021-58258)
S-CMS 3.0 has a cross-site scripting vulnerability, which can be exploited by attackers via the "Copyright" text box under "Basic Settings" to execute arbitrary Web scripts or HTML. The vulnerability can be exploited to execute arbitrary Web scripts or HTML via the "Copyright" text box under "Bas...
SQL injection
An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php Pno field...
CVE-2018-20477
An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php Pno field...
Design/Logic Flaw
An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php Tid parameter...
CVE-2018-20476
An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php Tid parameter...
CVE-2018-20477
CVE-2018-20477 affects S-CMS 3.0. The issue arises from failure to validate the P_no field in bank/callback1.php, enabling SQL injection and potential remote execution of SQL statements. Impact per sources includes partial/high integrity and confidentiality implications (per CVSS data) with a hig...
CVE-2018-20476
Affected software: S-CMS 3.0. The vulnerability is an XSS in admin/demo.php via the T_id parameter, caused by inadequate input filtering of T_id. Impact: remote attackers can inject arbitrary Web script or HTML that executes in the context of a user’s browser. Exploitation: described as XSS via t...
CVE-2018-20476
An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php Tid parameter...
CVE-2018-18426
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter...
CVE-2018-18426
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter...
CVE-2018-18427
s-cms 3.0 allows SQL Injection via the member/post.php 0id parameter or the POST data to member/memberlogin.php...
SQL injection
s-cms 3.0 allows SQL Injection via the member/post.php 0id parameter or the POST data to member/memberlogin.php...