MidnightBSD

Advisories for s-cms

CVE-2018-18426 HIGH

s-cms 3.0 allows remote attackers to execute arbitrary PHP code by placing this code in a crafted User-agent Disallow value in the robots.php txt parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-94,

Products Affected

Vendor Product Version
s-cms s-cms 3.0
CVE-2018-18427 HIGH

s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s-cms s-cms 3.0
CVE-2018-18887 HIGH

S-CMS PHP 1.0 has SQL injection in member/member_news.php via the type parameter (aka the $N_type field).

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s-cms s-cms 1.0
CVE-2018-19145 MEDIUM

An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s-cms s-cms 1.5
CVE-2018-19331 MEDIUM

An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s-cms s-cms 1.5
CVE-2018-19332 MEDIUM

An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
s-cms s-cms 1.5
CVE-2018-20018 MEDIUM

S-CMS V3.0 has SQL injection via the S_id parameter, as demonstrated by the /1/?type=productinfo&S_id=140 URI.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s-cms s-cms 3.0
CVE-2018-20476 MEDIUM

An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s-cms s-cms 3.0
CVE-2018-20477 HIGH

An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s-cms s-cms 3.0
CVE-2018-20478 MEDIUM

An issue was discovered in S-CMS 1.0. It allows reading certain files, such as PHP source code, via the admin/download.php DownName parameter with a mixed-case extension, as demonstrated by a DownName=download.Php value.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
s-cms s-cms 1.0
CVE-2018-20479 HIGH

An issue was discovered in S-CMS 1.0. It allows SQL Injection via the wap_index.php?type=newsinfo S_id parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s-cms s-cms 1.0
CVE-2018-20480 HIGH

An issue was discovered in S-CMS 1.0. It allows SQL Injection via the js/pic.php P_id parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s-cms s-cms 1.0
CVE-2019-10237 MEDIUM

S-CMS PHP v1.0 has a CSRF vulnerability to add a new admin user via the 4.edu.php/admin/ajax.php?type=admin&action=add&lang=0 URI, a related issue to CVE-2019-9040.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
s-cms s-cms 1.0
CVE-2019-10708 HIGH

S-CMS PHP v1.0 has SQL injection via the 4/js/scms.php?action=unlike id parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s-cms s-cms 1.0
CVE-2019-16312 MEDIUM

s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s-cms s-cms 3.0
CVE-2019-17368 MEDIUM

S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s-cms s-cms 1.5
CVE-2019-6805 HIGH

SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s-cms s-cms 3.0
CVE-2019-9040 MEDIUM

S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352,

Products Affected

Vendor Product Version
s-cms s-cms 3.0
CVE-2019-9925 MEDIUM

S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s-cms s-cms 1.0
CVE-2020-19046 LOW

Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s-cms s-cms 1.0
CVE-2020-19158 LOW

Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.4 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N 2.3 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s-cms s-cms 2019-10-14
CVE-2020-19954 MEDIUM

An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-611,

Products Affected

Vendor Product Version
s-cms s-cms 3.0
CVE-2020-20340 MEDIUM

A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s-cms s-cms 1.0
CVE-2020-20425 MEDIUM

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s-cms s-cms 5.0
CVE-2020-20426 MEDIUM

S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s-cms s-cms 5.0
CVE-2020-20698 MEDIUM

A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.2 HIGH CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H 1.2 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-862,

Products Affected

Vendor Product Version
s-cms s-cms 3.0
CVE-2020-20699 LOW

A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s-cms s-cms 3.0
CVE-2020-20700 LOW

A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s-cms s-cms 3.0
CVE-2020-20701 LOW

A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.8 MEDIUM CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N 1.7 2.7

CVSS 2.0

Severity: LOW

Problem Type: CWE-79,

Products Affected

Vendor Product Version
s-cms s-cms 3.0
CVE-2021-37270 HIGH

There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-862,

Products Affected

Vendor Product Version
s-cms cms_enterprise_website_construction_system 5.0
CVE-2022-23336 HIGH

S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s-cms s-cms 5.0
CVE-2022-4377

A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability.

Products Affected

Vendor Product Version
s-cms s-cms 5.0
CVE-2023-29962

S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N 2.8 3.6

Products Affected

Vendor Product Version
s-cms s-cms 5.0
CVE-2023-29963

S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php.

Products Affected

Vendor Product Version
s-cms s-cms 5.0
CVE-2023-51048

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
s-cms s-cms 5.0
CVE-2023-51049

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
s-cms s-cms 5.0
CVE-2023-51050

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
s-cms s-cms 5.0
CVE-2023-51051

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
s-cms s-cms 5.0
CVE-2023-51052

S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
s-cms s-cms 5.0
CVE-2023-7189 MEDIUM

A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
cna@vuldb.com 5.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.1 3.4
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s-cms s-cms 1.5
s-cms s-cms 2.0
s-cms s-cms 1.0
CVE-2023-7190 MEDIUM

A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cna@vuldb.com 5.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.1 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s-cms s-cms 1.5
s-cms s-cms 2.0
s-cms s-cms 1.0
CVE-2023-7191 MEDIUM

A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9
cna@vuldb.com 5.5 MEDIUM CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 2.1 3.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-89,

Products Affected

Vendor Product Version
s-cms s-cms 1.5
s-cms s-cms 2.0
s-cms s-cms 1.0