Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by vendor S-cms Subscribe
Filtered by product S-cms

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 13 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-51052 1 S-cms 1 S-cms 2023-12-29 N/A 9.8 CRITICAL
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php.
CVE-2023-51051 1 S-cms 1 S-cms 2023-12-29 N/A 9.8 CRITICAL
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php.
CVE-2023-51049 1 S-cms 1 S-cms 2023-12-27 N/A 9.8 CRITICAL
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php.
CVE-2023-51050 1 S-cms 1 S-cms 2023-12-27 N/A 9.8 CRITICAL
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php.
CVE-2023-51048 1 S-cms 1 S-cms 2023-12-27 N/A 9.8 CRITICAL
S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php.
CVE-2022-23336 1 S-cms 1 S-cms 2022-02-22 7.5 HIGH 9.8 CRITICAL
S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.
CVE-2019-10708 1 S-cms 1 S-cms 2019-04-03 7.5 HIGH 9.8 CRITICAL
S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter.
CVE-2019-6805 1 S-cms 1 S-cms 2019-01-25 7.5 HIGH 9.8 CRITICAL
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
CVE-2018-20479 1 S-cms 1 S-cms 2018-12-31 7.5 HIGH 9.8 CRITICAL
An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter.
CVE-2018-20480 1 S-cms 1 S-cms 2018-12-31 7.5 HIGH 9.8 CRITICAL
An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter.
CVE-2018-20477 1 S-cms 1 S-cms 2018-12-30 7.5 HIGH 9.8 CRITICAL
An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field.
CVE-2018-18887 1 S-cms 1 S-cms 2018-12-08 7.5 HIGH 9.8 CRITICAL
S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).
CVE-2018-18427 1 S-cms 1 S-cms 2018-12-03 7.5 HIGH 9.8 CRITICAL
s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php.