National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:s-cms:s-cms:1.0
There are 7 matching records.
Vuln ID Summary CVSS Severity
CVE-2019-10708

S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter.

Published: April 02, 2019; 03:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2019-10237

S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040.

Published: March 27, 2019; 02:29:00 PM -04:00
V3: 8.8 HIGH
V2: 6.8 MEDIUM
CVE-2019-9925

S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.

Published: March 22, 2019; 04:29:00 AM -04:00
V3: 6.1 MEDIUM
V2: 4.3 MEDIUM
CVE-2018-20480

An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter.

Published: December 25, 2018; 10:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-20479

An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter.

Published: December 25, 2018; 10:29:00 PM -05:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH
CVE-2018-20478

An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value.

Published: December 25, 2018; 10:29:00 PM -05:00
V3: 7.5 HIGH
V2: 5.0 MEDIUM
CVE-2018-18887

S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).

Published: October 31, 2018; 09:29:00 PM -04:00
V3: 9.8 CRITICAL
V2: 7.5 HIGH