VYPR
Vendor

Matteoiammarrone

Products
2
CVEs
9
Across products
9
Status
Private

Products

2

Recent CVEs

9
  • CVE-2023-7191MedDec 31, 2023
    risk 0.36cvss 5.5epss 0.00

    A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public…

  • CVE-2023-7190MedDec 31, 2023
    risk 0.36cvss 5.5epss 0.00

    A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection.…

  • CVE-2023-7189MedDec 31, 2023
    risk 0.36cvss 5.5epss 0.00

    A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been…

  • CVE-2010-4772Mar 23, 2011
    risk 0.03cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter to viewforum.php.

  • CVE-2010-4771Mar 23, 2011
    risk 0.03cvss epss 0.01

    SQL injection vulnerability to viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2009-1502May 1, 2009
    risk 0.03cvss epss 0.02

    Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter.

  • CVE-2009-0864Mar 10, 2009
    risk 0.03cvss epss 0.03

    S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie.

  • CVE-2009-0863Mar 10, 2009
    risk 0.03cvss epss 0.01

    SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter.

  • CVE-2008-6084Feb 6, 2009
    risk 0.03cvss epss 0.02

    Unrestricted file upload vulnerability in pages/download.php in Iamma Simple Gallery 1.0 and 2.0 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.