Vulnerabilities > CVE-2020-19954 - XXE vulnerability in S-Cms 3.0

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
s-cms
CWE-611
NVD
Published: 2021-10-14
Updated: 2021-10-20

Summary

An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.

Vulnerable Configurations

Part Description Count
Application
S-Cms
1

Common Weakness Enumeration (CWE)

References