Shodan
Vulnerabilities
Vulnerable Software
S-Cms:  >> S-Cms  >> 1.5  Security Vulnerabilities
CVE-2023-7190
A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-12-31
CVE-2023-7191
A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-12-31
CVE-2023-7189
A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVSS Score
5.5
EPSS Score
0.0
Published
2023-12-31
CVE-2019-17368
S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2019-10-09
CVE-2018-19331
An issue was discovered in S-CMS v1.5. There is a SQL injection vulnerability in search.php via the keyword parameter.
CVSS Score
7.5
EPSS Score
0.003
Published
2018-11-17
CVE-2018-19332
An issue was discovered in S-CMS v1.5. There is a CSRF vulnerability that can add a new user via the admin/ajax.php?type=member&action=add URI.
CVSS Score
8.8
EPSS Score
0.001
Published
2018-11-17
CVE-2018-19145
An issue was discovered in S-CMS v1.5. There is an XSS vulnerability in search.php via the keyword parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-11-09


Products
Pricing
Contact Us

Shodan ® - All rights reserved