S Cms

s-cms

42 CVEs • 2 products

Products (2)

Click to collapse

Toggle

S Cms

s-cms

41 CVEs

Cms Enterprise Website Construction System

cms_enterprise_website_construction_system

1 CVE

CVEs (42)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-29962 1S Cms 1S Cms Jun 3, 2025 Jan 4, 2024 N/A· v4 6.5 MEDIUM· v3 N/A· v2 S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.
CVE-2023-7191 1S Cms 1S Cms Nov 21, 2024 Dec 31, 2023 N/A· v4 8.8 HIGH· v3 5.2 MEDIUM· v2 A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to s...Show more A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-7190 1S Cms 1S Cms Nov 21, 2024 Dec 31, 2023 N/A· v4 8.8 HIGH· v3 5.2 MEDIUM· v2 A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of...Show more A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-7189 1S Cms 1S Cms Nov 21, 2024 Dec 31, 2023 N/A· v4 8.8 HIGH· v3 5.2 MEDIUM· v2 A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the a...Show more A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2023-51052 1S Cms 1S Cms Apr 24, 2025 Dec 21, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php.
CVE-2023-51051 1S Cms 1S Cms Nov 21, 2024 Dec 21, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php.
CVE-2023-51050 1S Cms 1S Cms Nov 21, 2024 Dec 21, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php.
CVE-2023-51049 1S Cms 1S Cms Nov 21, 2024 Dec 21, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php.
CVE-2023-51048 1S Cms 1S Cms Nov 21, 2024 Dec 21, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php.
CVE-2023-29963 1S Cms 1S Cms Jan 29, 2025 May 5, 2023 N/A· v4 7.2 HIGH· v3 N/A· v2 S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php.
CVE-2022-4377 1S Cms 1S Cms Nov 21, 2024 Dec 9, 2022 N/A· v4 5.4 MEDIUM· v3 N/A· v2 A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the ar...Show more A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability.Show less
CVE-2022-23336 1S Cms 1S Cms Nov 21, 2024 Feb 14, 2022 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.
CVE-2020-20426 1S Cms 1S Cms Nov 21, 2024 Dec 22, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
CVE-2020-20425 1S Cms 1S Cms Nov 21, 2024 Dec 22, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
CVE-2020-19954 1S Cms 1S Cms Nov 21, 2024 Oct 14, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.
CVE-2021-37270 1S Cms 1Cms Enterprise Website Construction System Nov 21, 2024 Sep 27, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the backgro...Show more There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.Show less
CVE-2020-19158 1S Cms 1S Cms Nov 21, 2024 Sep 15, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
CVE-2020-20340 1S Cms 1S Cms Nov 21, 2024 Sep 1, 2021 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.
CVE-2020-19046 1S Cms 1S Cms Nov 21, 2024 Aug 31, 2021 N/A· v4 5.4 MEDIUM· v3 3.5 LOW· v2 Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.
CVE-2020-20701 1S Cms 1S Cms Nov 21, 2024 Jul 30, 2021 N/A· v4 4.8 MEDIUM· v3 3.5 LOW· v2 A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

12 3 Next