Vulnerabilities > S CMS > High

DATE CVE VULNERABILITY TITLE RISK
2018-12-10 CVE-2018-20018 SQL Injection vulnerability in S-Cms 3.0
S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.
network
low complexity
s-cms CWE-89
7.5
7.5
2018-11-17 CVE-2018-19332 Cross-Site Request Forgery (CSRF) vulnerability in S-Cms 1.5
An issue was discovered in S-CMS v1.5.
network
low complexity
s-cms CWE-352
8.8
8.8
2018-11-17 CVE-2018-19331 SQL Injection vulnerability in S-Cms 1.5
An issue was discovered in S-CMS v1.5.
network
low complexity
s-cms CWE-89
7.5
7.5
2018-10-17 CVE-2018-18426 Code Injection vulnerability in S-Cms 3.0
s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.
network
low complexity
s-cms CWE-94
8.8
8.8