An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files.
CVSS Score
7.5
EPSS Score
0.004
Published
2021-10-14
A remote code execution (RCE) vulnerability in /1.com.php of S-CMS PHP v3.0 allows attackers to getshell via modification of a PHP file.
CVSS Score
7.2
EPSS Score
0.023
Published
2021-07-30
A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-07-30
A stored cross site scripting (XSS) vulnerability in /app/form_add/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-07-30
A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
4.8
EPSS Score
0.003
Published
2021-07-30
s-cms V3.0 has XSS in index.php?type=text via the S_id parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-09-14
S-CMS PHP v3.0 has a CSRF vulnerability to add a new admin user via the admin/ajax.php?type=admin&action=add URI, a related issue to CVE-2018-19332.
CVSS Score
8.8
EPSS Score
0.001
Published
2019-02-23
SQL Injection was found in S-CMS version V3.0 via the alipay/alipayapi.php O_id parameter.
CVSS Score
9.8
EPSS Score
0.003
Published
2019-01-25
An issue was discovered in S-CMS 3.0. It allows XSS via the admin/demo.php T_id parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-12-26
An issue was discovered in S-CMS 3.0. It allows SQL Injection via the bank/callback1.php P_no field.
CVSS Score
9.8
EPSS Score
0.003
Published
2018-12-26
Page 1