12 matches found
CVE-2019-17368
S-CMS v1.5 has XSS in tpl.php via the member/memberlogin.php from parameter...
Code injection
S-CMS v1.5 has XSS in tpl.php via the member/memberlogin.php from parameter...
CVE-2019-17368
S-CMS v1.5 has XSS in tpl.php via the member/memberlogin.php from parameter...
CVE-2018-19332
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI...
CVE-2018-19331
An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter...
Sql injection
An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter...
Cross site request forgery (csrf)
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI...
CVE-2018-19331
CVE-2018-19331 affects S-CMS v1.5: the search.php endpoint is vulnerable to SQL injection via the keyword parameter. Root cause: unsafely constructed SQL in the search feature. Exploitation via keyword parameter is documented; this could enable a SQL injection attack. No remediation or patch deta...
CVE-2018-19331
An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter...
Cross site scripting
An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter...
CVE-2018-19145
An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter...
CVE-2018-19145
This CVE concerns S-CMS v1.5 and an XSS vulnerability in search.php reachable via the keyword parameter. The issue is triggered through input handling in the search routine, allowing injection of web scripts or HTML. The core information confirms the vulnerability exists in the S-CMS 1.5 componen...