400 matches found
CVE-2020-19046
Cross Site Scripting XSS in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='...
CVE-2019-17368
S-CMS v1.5 has XSS in tpl.php via the member/memberlogin.php from parameter...
CVE-2019-9925
S-CMS PHP v1.0 has XSS in 4.edu.php via the Sid parameter...
CVE-2019-6805
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php Oid parameter...
CVE-2019-10708
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter...
CVE-2019-10237
S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin=add⟨=0 URI, a related issue to CVE-2019-9040...
CVE-2018-18887
S-CMS PHP 1.0 has SQL injection in member/membernews.php via the type parameter aka the $Ntype field...
CVE-2010-4771
SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2019-9040
S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin=add URI, a related issue to CVE-2018-19332...
CVE-2010-4772
Cross-site scripting XSS vulnerability in blocks/lang.php in S-CMS 2.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter to viewforum.php...
CVE-2023-29962
S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability...
CVE-2023-29962
S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability...
Arbitrary file deletion
S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability...
CVE-2023-29962
S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability...
CVE-2023-29962
CVE-2023-29962 affects S-CMS v5.0 and is described as an arbitrary file read vulnerability. Technical details in connected documents confirm the issue targets S-CMS v5.0, with a network-based attack vector, low privileges required, and no user interaction, leading to high confidentiality impact (...
CVE-2023-29962
S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability...
CVE-2023-7190
A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument Atext/Aurl/Acontact leads to sql injection. The exploit has been...
CVE-2023-7191
A vulnerability, which was classified as critical, was found in S-CMS up to 2.0build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument Mlogin/Memail leads to sql injection. The exploit has been disclosed to the public and may be used. The...
CVE-2023-7191
A vulnerability, which was classified as critical, was found in S-CMS up to 2.0build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument Mlogin/Memail leads to sql injection. The exploit has been disclosed to the public and may be used. The...
Sql injection
A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument Atext/Aurl/Acontact leads to sql injection. The exploit has been...