Vulnerabilities > S CMS > S CMS > 5.0
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-04 | CVE-2023-29962 | Path Traversal vulnerability in S-Cms 5.0 S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. | 6.5 |
| 2023-12-21 | CVE-2023-51048 | SQL Injection vulnerability in S-Cms 5.0 S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php. | 9.8 |
| 2023-12-21 | CVE-2023-51049 | SQL Injection vulnerability in S-Cms 5.0 S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php. | 9.8 |
| 2023-12-21 | CVE-2023-51050 | SQL Injection vulnerability in S-Cms 5.0 S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php. | 9.8 |
| 2023-12-21 | CVE-2023-51051 | SQL Injection vulnerability in S-Cms 5.0 S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php. | 9.8 |
| 2023-12-21 | CVE-2023-51052 | SQL Injection vulnerability in S-Cms 5.0 S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php. | 9.8 |
| 2023-05-05 | CVE-2023-29963 | Unspecified vulnerability in S-Cms 5.0 S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. | 7.2 |
| 2022-12-09 | CVE-2022-4377 | Cross-site Scripting vulnerability in S-Cms 5.0 A vulnerability was found in S-CMS 5.0 Build 20220328. | 5.4 |
| 2022-02-14 | CVE-2022-23336 | SQL Injection vulnerability in S-Cms 5.0 S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. | 7.5 |
| 2021-12-22 | CVE-2020-20425 | Cross-site Scripting vulnerability in S-Cms 5.0 S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. | 4.3 |