Vulnerabilities > S CMS

DATE CVE VULNERABILITY TITLE RISK
2022-12-09 CVE-2022-4377 Cross-site Scripting vulnerability in S-Cms 5.0
A vulnerability was found in S-CMS 5.0 Build 20220328.
network
low complexity
s-cms CWE-79
5.4
2022-02-14 CVE-2022-23336 SQL Injection vulnerability in S-Cms 5.0
S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.
network
low complexity
s-cms CWE-89
7.5
2021-12-22 CVE-2020-20425 Cross-site Scripting vulnerability in S-Cms 5.0
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
network
s-cms CWE-79
4.3
2021-12-22 CVE-2020-20426 Cross-site Scripting vulnerability in S-Cms 5.0
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
network
s-cms CWE-79
4.3
2021-10-14 CVE-2020-19954 XXE vulnerability in S-Cms 3.0
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.
network
low complexity
s-cms CWE-611
5.0
2021-09-27 CVE-2021-37270 Missing Authorization vulnerability in S-Cms CMS Enterprise Website Construction System 5.0
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0.
network
low complexity
s-cms CWE-862
critical
10.0
2021-09-15 CVE-2020-19158 Cross-site Scripting vulnerability in S-Cms 20191014
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
network
s-cms CWE-79
3.5
2021-09-01 CVE-2020-20340 SQL Injection vulnerability in S-Cms 1.0
A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.
network
low complexity
s-cms CWE-89
5.0
2021-08-31 CVE-2020-19046 Cross-site Scripting vulnerability in S-Cms 1.0
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.
network
s-cms CWE-79
3.5
2021-07-30 CVE-2020-20698 Missing Authorization vulnerability in S-Cms 3.0
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.
network
low complexity
s-cms CWE-862
6.5