Lucene search
+L

400 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 3:16 p.m.11 views

CVE-2020-19046

Cross Site Scripting XSS in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='...

5.4CVSS6.9AI score0.00853EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 10:3 a.m.9 views

CVE-2019-17368

S-CMS v1.5 has XSS in tpl.php via the member/memberlogin.php from parameter...

6.1CVSS6.1AI score0.00818EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:55 a.m.15 views

CVE-2019-9925

S-CMS PHP v1.0 has XSS in 4.edu.php via the Sid parameter...

6.1CVSS6.2AI score0.00826EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:48 a.m.29 views

CVE-2019-6805

SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php Oid parameter...

9.8CVSS8.2AI score0.01135EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:28 a.m.12 views

CVE-2019-10708

S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter...

9.8CVSS8.2AI score0.02638EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:22 a.m.11 views

CVE-2019-10237

S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin=add⟨=0 URI, a related issue to CVE-2019-9040...

8.8CVSS7AI score0.00614EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:10 a.m.13 views

CVE-2018-18887

S-CMS PHP 1.0 has SQL injection in member/membernews.php via the type parameter aka the $Ntype field...

9.8CVSS8.1AI score0.01135EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:54 a.m.5 views

CVE-2010-4771

SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter...

7.5CVSS8.8AI score0.0098EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:27 a.m.11 views

CVE-2019-9040

S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin=add URI, a related issue to CVE-2018-19332...

8.8CVSS6.9AI score0.00572EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:22 a.m.7 views

CVE-2010-4772

Cross-site scripting XSS vulnerability in blocks/lang.php in S-CMS 2.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter to viewforum.php...

4.3CVSS6AI score0.01464EPSS
Exploits1References1
OSV
OSV
added 2024/01/04 6:15 a.m.4 views

CVE-2023-29962

S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability...

6.5CVSS5.9AI score0.00657EPSS
Exploits1References2
NVD
NVD
added 2024/01/04 6:15 a.m.24 views

CVE-2023-29962

S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability...

6.5CVSS6.5AI score0.00657EPSS
Exploits1References2
Prion
Prion
added 2024/01/04 6:15 a.m.25 views

Arbitrary file deletion

S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability...

4CVSS7.6AI score0.00657EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/04 12:0 a.m.9 views

CVE-2023-29962

S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability...

6.5AI score0.00657EPSS
Exploits1References2
CVE
CVE
added 2024/01/04 12:0 a.m.62 views

CVE-2023-29962

CVE-2023-29962 affects S-CMS v5.0 and is described as an arbitrary file read vulnerability. Technical details in connected documents confirm the issue targets S-CMS v5.0, with a network-based attack vector, low privileges required, and no user interaction, leading to high confidentiality impact (...

6.5CVSS6.5AI score0.00657EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2024/01/04 12:0 a.m.31 views

CVE-2023-29962

S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability...

6.7AI score0.00657EPSS
Exploits1References2
NVD
NVD
added 2023/12/31 4:15 p.m.21 views

CVE-2023-7190

A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument Atext/Aurl/Acontact leads to sql injection. The exploit has been...

8.8CVSS0.00479EPSS
Exploits0References3
NVD
NVD
added 2023/12/31 4:15 p.m.22 views

CVE-2023-7191

A vulnerability, which was classified as critical, was found in S-CMS up to 2.0build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument Mlogin/Memail leads to sql injection. The exploit has been disclosed to the public and may be used. The...

8.8CVSS0.00479EPSS
Exploits0References3
OSV
OSV
added 2023/12/31 4:15 p.m.8 views

CVE-2023-7191

A vulnerability, which was classified as critical, was found in S-CMS up to 2.0build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument Mlogin/Memail leads to sql injection. The exploit has been disclosed to the public and may be used. The...

8.8CVSS5.5AI score0.00479EPSS
Exploits0References3
Prion
Prion
added 2023/12/31 4:15 p.m.28 views

Sql injection

A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument Atext/Aurl/Acontact leads to sql injection. The exploit has been...

5.2CVSS7.5AI score0.00479EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder