National Vulnerability Database

Search Results

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:s-cms:s-cms:3.0
There are 8 matching records.
Vuln ID | Summary | CVSS Severity
CVE-2019-16312

s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.

Published: September 14, 2019; 12:15:10 PM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-9040

S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.

Published: February 23, 2019; 01:29:00 PM -05:00
V3.0: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-6805

SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.

Published: January 25, 2019; 03:29:00 AM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-20477

An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field.

Published: December 25, 2018; 10:29:00 PM -05:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-20476

An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter.

Published: December 25, 2018; 10:29:00 PM -05:00
V3.0: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2018-20018

S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.

Published: December 10, 2018; 04:29:00 AM -05:00
V3.0: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2018-18427

s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php.

Published: October 17, 2018; 12:29:01 AM -04:00
V3.0: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2018-18426

s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.

Published: October 17, 2018; 12:29:01 AM -04:00
V3.0: 8.8 HIGH
    V2: 9.0 HIGH