VYPR
Vendor

Sms

Products
1
CVEs
9
Across products
9
Status
Private

Products

1

Recent CVEs

9
  • CVE-2018-25173HigMar 6, 2026
    risk 0.53cvss 8.2epss 0.00

    Rmedia SMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the gid parameter. Attackers can send GET requests to editgrp.php with malicious gid values using EXTRACTVALUE and CONCAT…

  • CVE-2026-6490HigApr 17, 2026
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. Impacted is an unknown function of the file admin/deletecourse.php of the component GET Request Parameter Handler. This manipulation of the argument ID causes sql injection. The…

  • CVE-2026-6489MedApr 17, 2026
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This issue affects some unknown processing of the file admin/addteacher.php of the component Background Management Page. The manipulation of the argument image results in…

  • CVE-2026-6488MedApr 17, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in QueryMine sms up to 7ab5a9ea196209611134525ffc18de25c57d9593. This vulnerability affects unknown code of the file admin/editcourse.php of the component GET Request Parameter Handler. The manipulation of the argument ID leads to sql injection.…

  • CVE-2022-38130Aug 10, 2022
    risk 0.06cvss epss 0.53

    The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip() method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database…

  • CVE-2025-66947Dec 26, 2025
    risk 0.00cvss epss 0.00

    SQL injection vulnerability in krishanmuraiji SMS v.1.0, within the /studentms/admin/edit-class-detail.php via the editid GET parameter. An attacker can trigger controlled delays using SQL SLEEP() to infer database contents. Successful exploitation may lead to full database…

  • CVE-2022-27349Apr 8, 2022
    risk 0.00cvss epss 0.02

    Social Codia SMS v1 was discovered to contain an arbitrary file upload vulnerability via addteacher.php. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file.

  • CVE-2022-27348Apr 8, 2022
    risk 0.00cvss epss 0.01

    Social Codia SMS v1 was discovered to contain a stored cross-site scripting (XSS) vulnerability via add_post.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Post Title text field.

  • CVE-2005-2311Jul 19, 2005
    risk 0.00cvss epss 0.00

    SMS 1.9.2m and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) request1 or (2) request2 temporary files.