Vulnerabilities > S CMS
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-09 | CVE-2022-4377 | Cross-site Scripting vulnerability in S-Cms 5.0 A vulnerability was found in S-CMS 5.0 Build 20220328. | 5.4 |
| 2022-02-14 | CVE-2022-23336 | SQL Injection vulnerability in S-Cms 5.0 S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. | 9.8 |
| 2021-12-22 | CVE-2020-20425 | Cross-site Scripting vulnerability in S-Cms 5.0 S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. | 6.1 |
| 2021-12-22 | CVE-2020-20426 | Cross-site Scripting vulnerability in S-Cms 5.0 S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. | 6.1 |
| 2021-10-14 | CVE-2020-19954 | XXE vulnerability in S-Cms 3.0 An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files. | 7.5 |
| 2021-09-27 | CVE-2021-37270 | Missing Authorization vulnerability in S-Cms CMS Enterprise Website Construction System 5.0 There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. | 9.8 |
| 2021-09-15 | CVE-2020-19158 | Cross-site Scripting vulnerability in S-Cms 20191014 Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'. | 5.4 |
| 2021-09-01 | CVE-2020-20340 | SQL Injection vulnerability in S-Cms 1.0 A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information. | 7.5 |
| 2021-08-31 | CVE-2020-19046 | Cross-site Scripting vulnerability in S-Cms 1.0 Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='. | 5.4 |
| 2021-07-30 | CVE-2020-20698 | Missing Authorization vulnerability in S-Cms 3.0 A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file. | 7.2 |