Shodan
Vulnerabilities
Vulnerable Software
S-Cms:  Security Vulnerabilities
CVE-2022-4377
A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.001
Published
2022-12-09
CVE-2022-23336
S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-02-14
CVE-2020-20425
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-12-22
CVE-2020-20426
S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php.
CVSS Score
6.1
EPSS Score
0.004
Published
2021-12-22
CVE-2020-19954
An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-10-14
CVE-2021-37270
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority.
CVSS Score
9.8
EPSS Score
0.003
Published
2021-09-27
CVE-2020-19158
Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-09-15
CVE-2020-20340
A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-09-01
CVE-2020-19046
Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-08-31
CVE-2020-20698
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.
CVSS Score
7.2
EPSS Score
0.023
Published
2021-07-30


Products
Pricing
Contact Us

Shodan ® - All rights reserved