Vulnerabilities > S CMS > S CMS > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-04 | CVE-2023-29962 | Path Traversal vulnerability in S-Cms 5.0 S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. | 6.5 |
| 2022-12-09 | CVE-2022-4377 | Cross-site Scripting vulnerability in S-Cms 5.0 A vulnerability was found in S-CMS 5.0 Build 20220328. | 5.4 |
| 2021-12-22 | CVE-2020-20425 | Cross-site Scripting vulnerability in S-Cms 5.0 S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. | 4.3 |
| 2021-12-22 | CVE-2020-20426 | Cross-site Scripting vulnerability in S-Cms 5.0 S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. | 4.3 |
| 2021-10-14 | CVE-2020-19954 | XXE vulnerability in S-Cms 3.0 An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files. | 5.0 |
| 2021-09-01 | CVE-2020-20340 | SQL Injection vulnerability in S-Cms 1.0 A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information. | 5.0 |
| 2021-07-30 | CVE-2020-20698 | Missing Authorization vulnerability in S-Cms 3.0 A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file. | 6.5 |
| 2019-10-09 | CVE-2019-17368 | Cross-site Scripting vulnerability in S-Cms 1.5 S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter. | 4.3 |
| 2019-09-14 | CVE-2019-16312 | Cross-site Scripting vulnerability in S-Cms 3.0 s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. | 4.3 |
| 2019-03-27 | CVE-2019-10237 | Cross-Site Request Forgery (CSRF) vulnerability in S-Cms 1.0 S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040. | 6.8 |