S CMS
by S CMS
CVEs (52)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-20018 | Hig | 0.49 | 7.5 | 0.01 | Dec 10, 2018 | S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI. | ||
| CVE-2018-19331 | Hig | 0.49 | 7.5 | 0.01 | Nov 17, 2018 | An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter. | ||
| CVE-2017-2163 | Hig | 0.49 | 7.5 | 0.02 | May 12, 2017 | Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id. | ||
| CVE-2023-29963 | Hig | 0.47 | 7.2 | 0.02 | May 5, 2023 | S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. | ||
| CVE-2020-20698 | Hig | 0.47 | 7.2 | 0.02 | Jul 30, 2021 | A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file. | ||
| CVE-2019-11376 | Hig | 0.47 | 7.2 | 0.02 | Apr 20, 2019 | SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendor indicates that there was an assumption that the content is "made editable on its own. | ||
| CVE-2023-29962 | Med | 0.42 | 6.5 | 0.01 | Jan 4, 2024 | S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. | ||
| CVE-2020-20426 | Med | 0.40 | 6.1 | 0.01 | Dec 22, 2021 | S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. | ||
| CVE-2020-20425 | Med | 0.40 | 6.1 | 0.01 | Dec 22, 2021 | S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. | ||
| CVE-2019-17368 | Med | 0.40 | 6.1 | 0.01 | Oct 9, 2019 | S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter. | ||
| CVE-2019-16312 | Med | 0.40 | 6.1 | 0.01 | Sep 14, 2019 | s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. | ||
| CVE-2019-9925 | Med | 0.40 | 6.1 | 0.01 | Mar 22, 2019 | S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter. | ||
| CVE-2018-20476 | Med | 0.40 | 6.1 | 0.01 | Dec 26, 2018 | An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter. | ||
| CVE-2018-19145 | Med | 0.40 | 6.1 | 0.01 | Nov 9, 2018 | An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter. | ||
| CVE-2017-2164 | Med | 0.40 | 6.1 | 0.01 | May 12, 2017 | Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||
| CVE-2023-7191 | Med | 0.36 | 5.5 | 0.00 | Dec 31, 2023 | A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public… | ||
| CVE-2023-7190 | Med | 0.36 | 5.5 | 0.00 | Dec 31, 2023 | A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection.… | ||
| CVE-2023-7189 | Med | 0.36 | 5.5 | 0.00 | Dec 31, 2023 | A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been… | ||
| CVE-2020-19158 | Med | 0.35 | 5.4 | 0.01 | Sep 15, 2021 | Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'. | ||
| CVE-2020-19046 | Med | 0.35 | 5.4 | 0.01 | Aug 31, 2021 | Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='. |
- risk 0.49cvss 7.5epss 0.01
S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.
- risk 0.49cvss 7.5epss 0.01
An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter.
- risk 0.49cvss 7.5epss 0.02
Directory traversal vulnerability in SOY CMS Ver.1.8.1 to Ver.1.8.12 allows authenticated attackers to read arbitrary files via shop_id.
- risk 0.47cvss 7.2epss 0.02
S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php.
- risk 0.47cvss 7.2epss 0.02
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.
- risk 0.47cvss 7.2epss 0.02
SOY CMS v3.0.2 allows remote attackers to execute arbitrary PHP code via a <?php substring in the second text box. NOTE: the vendor indicates that there was an assumption that the content is "made editable on its own.
- risk 0.42cvss 6.5epss 0.01
S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.
- risk 0.40cvss 6.1epss 0.01
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
- risk 0.40cvss 6.1epss 0.01
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
- risk 0.40cvss 6.1epss 0.01
S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.
- risk 0.40cvss 6.1epss 0.01
s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.
- risk 0.40cvss 6.1epss 0.01
S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter.
- risk 0.40cvss 6.1epss 0.01
An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter.
- risk 0.40cvss 6.1epss 0.01
Cross-site scripting vulnerability in SOY CMS with installer 1.8.12 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
- risk 0.36cvss 5.5epss 0.00
A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public…
- risk 0.36cvss 5.5epss 0.00
A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection.…
- risk 0.36cvss 5.5epss 0.00
A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been…
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
- risk 0.35cvss 5.4epss 0.01
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.
Page 2 of 3