VYPR

S CMS

by S CMS

CVEs (52)

  • CVE-2018-20018HigDec 10, 2018
    risk 0.49cvss 7.5epss 0.01

    S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.

  • CVE-2018-19331HigNov 17, 2018
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter.

  • CVE-2017-2163HigMay 12, 2017
    risk 0.49cvss 7.5epss 0.02

    Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id.

  • CVE-2023-29963HigMay 5, 2023
    risk 0.47cvss 7.2epss 0.02

    S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php.

  • CVE-2020-20698HigJul 30, 2021
    risk 0.47cvss 7.2epss 0.02

    A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.

  • CVE-2019-11376HigApr 20, 2019
    risk 0.47cvss 7.2epss 0.02

    SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendor indicates that there was an assumption that the content is "made editable on its own.

  • CVE-2023-29962MedJan 4, 2024
    risk 0.42cvss 6.5epss 0.01

    S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.

  • CVE-2020-20426MedDec 22, 2021
    risk 0.40cvss 6.1epss 0.01

    S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.

  • CVE-2020-20425MedDec 22, 2021
    risk 0.40cvss 6.1epss 0.01

    S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.

  • CVE-2019-17368MedOct 9, 2019
    risk 0.40cvss 6.1epss 0.01

    S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.

  • CVE-2019-16312MedSep 14, 2019
    risk 0.40cvss 6.1epss 0.01

    s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.

  • CVE-2019-9925MedMar 22, 2019
    risk 0.40cvss 6.1epss 0.01

    S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.

  • CVE-2018-20476MedDec 26, 2018
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter.

  • CVE-2018-19145MedNov 9, 2018
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter.

  • CVE-2017-2164MedMay 12, 2017
    risk 0.40cvss 6.1epss 0.01

    Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

  • CVE-2023-7191MedDec 31, 2023
    risk 0.36cvss 5.5epss 0.00

    A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public…

  • CVE-2023-7190MedDec 31, 2023
    risk 0.36cvss 5.5epss 0.00

    A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection.…

  • CVE-2023-7189MedDec 31, 2023
    risk 0.36cvss 5.5epss 0.00

    A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been…

  • CVE-2020-19158MedSep 15, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.

  • CVE-2020-19046MedAug 31, 2021
    risk 0.35cvss 5.4epss 0.01

    Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.