National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:s-cms:s-cms:1.0
There are 4 matching records.
Vuln ID Summary CVSS Severity
CVE-2018-20480

An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter.

Published: December 25, 2018; 10:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-20479

An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter.

Published: December 25, 2018; 10:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-20478

An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value.

Published: December 25, 2018; 10:29:00 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-18887

S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).

Published: October 31, 2018; 09:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH