Vulnerabilities > Sdcms > Sdcms > 1.6

DATE CVE VULNERABILITY TITLE RISK
2018-11-29 CVE-2018-19748 Path Traversal vulnerability in Sdcms 1.6
app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal.
network
low complexity
sdcms CWE-22
5.0
5.0
2018-11-25 CVE-2018-19520 Code Injection vulnerability in multiple products
An issue was discovered in SDCMS 1.6 with PHP 5.x.
network
low complexity
sdcms php CWE-94
6.5
6.5