Shodan
Vulnerabilities
Vulnerable Software
S-Cms:  >> S-Cms  Security Vulnerabilities
CVE-2022-4377
A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.001
Published
2022-12-09
CVE-2022-23336
S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-02-14
CVE-2020-20425
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-12-22
CVE-2020-20426
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-12-22
CVE-2020-19954
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-10-14
CVE-2020-19158
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-09-15
CVE-2020-20340
A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-09-01
CVE-2020-19046
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-08-31
CVE-2020-20698
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.
CVSS Score
7.2
EPSS Score
0.023
Published
2021-07-30
CVE-2020-20699
A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-07-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved