Vulnerabilities > S CMS > High

DATE CVE VULNERABILITY TITLE RISK
2023-12-31 CVE-2023-7190 Unspecified vulnerability in S-Cms 1.0/1.5/2.0
A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006.
network
low complexity
s-cms
8.8
8.8
2023-12-31 CVE-2023-7191 Unspecified vulnerability in S-Cms 1.0/1.5/2.0
A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006.
network
low complexity
s-cms
8.8
8.8
2023-12-31 CVE-2023-7189 Unspecified vulnerability in S-Cms 1.0/1.5/2.0
A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006.
network
low complexity
s-cms
8.8
8.8
2023-05-05 CVE-2023-29963 Unspecified vulnerability in S-Cms 5.0
S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php.
network
low complexity
s-cms
7.2
7.2
2021-10-14 CVE-2020-19954 XXE vulnerability in S-Cms 3.0
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.
network
low complexity
s-cms CWE-611
7.5
7.5
2021-09-01 CVE-2020-20340 SQL Injection vulnerability in S-Cms 1.0
A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.
network
low complexity
s-cms CWE-89
7.5
7.5
2021-07-30 CVE-2020-20698 Missing Authorization vulnerability in S-Cms 3.0
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.
network
low complexity
s-cms CWE-862
7.2
7.2
2019-03-27 CVE-2019-10237 Cross-Site Request Forgery (CSRF) vulnerability in S-Cms 1.0
S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040.
network
low complexity
s-cms CWE-352
8.8
8.8
2019-02-23 CVE-2019-9040 Cross-Site Request Forgery (CSRF) vulnerability in S-Cms 3.0
S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.
network
low complexity
s-cms CWE-352
8.8
8.8
2018-12-26 CVE-2018-20478 Information Exposure vulnerability in S-Cms 1.0
An issue was discovered in S-CMS 1.0.
network
low complexity
s-cms CWE-200
7.5
7.5