s-cms 漏洞與 CVE 列表(42)

產品(CPE): — CVE 數: 42

s-cms 漏洞概覽

彙總 s-cms 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。

常見弱點模式包括 CSRF、路徑處理缺陷、XXE與輸入驗證問題,在 軟體部署與生產負載 使用場景中可能帶來 資料外洩、工作階段劫持與檔案覆寫 等風險。

相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢(近 24 個月)

顯示 12042 CVE 數
«« 第一頁 « 上一頁 第 1 / 3 頁 下一頁 »
CVE 摘要 來源 最高 CVSS EPSS % 公開時間 更新時間
CVE-2023-29962 S-CMS v5.0 was discovered to contain an arbitrary file read vulnerability. [email protected] 6.5 0.66% 2024-01-04 2026-06-17
CVE-2023-7191 A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249393 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. [email protected] 5.5 0.48% 2023-12-31 2026-06-17
CVE-2023-7190 A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249392. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. [email protected] 5.5 0.48% 2023-12-31 2026-06-17
CVE-2023-7189 A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-249391. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. [email protected] 5.5 0.48% 2023-12-31 2026-06-17
CVE-2023-51052 S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php. [email protected] 9.8 0.53% 2023-12-21 2026-06-17
CVE-2023-51051 S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php. [email protected] 9.8 0.53% 2023-12-21 2026-06-17
CVE-2023-51050 S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_productauth parameter at /admin/ajax.php. [email protected] 9.8 0.53% 2023-12-21 2026-06-17
CVE-2023-51049 S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_bbsauth parameter at /admin/ajax.php. [email protected] 9.8 0.53% 2023-12-21 2026-06-17
CVE-2023-51048 S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_newsauth parameter at /admin/ajax.php. [email protected] 9.8 0.53% 2023-12-21 2026-06-17
CVE-2023-29963 S-CMS v5.0 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /admin/ajax.php. [email protected] 7.2 1.62% 2023-05-05 2026-06-17
CVE-2022-4377 A vulnerability was found in S-CMS 5.0 Build 20220328. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Contact Information Page. The manipulation of the argument Make a Call leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-215197 was assigned to this vulnerability. [email protected] 3.5 0.36% 2022-12-09 2026-06-17
CVE-2022-23336 S-CMS v5.0 was discovered to contain a SQL injection vulnerability in member_pay.php via the O_id parameter. [email protected] 9.8 1.08% 2022-02-14 2026-06-17
CVE-2020-20426 S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in /function/booksave.php. [email protected] 6.1 0.90% 2021-12-22 2026-06-16
CVE-2020-20425 S-CMS Government Station Building System v5.0 contains a cross-site scripting (XSS) vulnerability in the search function. [email protected] 6.1 0.90% 2021-12-22 2026-06-16
CVE-2020-19954 An XML External Entity (XXE) vulnerability was discovered in /api/notify.php in S-CMS 3.0 which allows attackers to read arbitrary files. [email protected] 7.5 1.20% 2021-10-14 2026-06-16
CVE-2021-37270 There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0. Attackers can use this vulnerability to directly access the specified background path without logging in to the background to obtain the background administrator authority. [email protected] 9.8 1.44% 2021-09-27 2026-06-17
CVE-2020-19158 Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'. [email protected] 5.4 0.69% 2021-09-15 2026-06-16
CVE-2020-20340 A SQL injection vulnerability in the 4.edu.php\conn\function.php component of S-CMS v1.0 allows attackers to access sensitive database information. [email protected] 7.5 1.25% 2021-09-01 2026-06-16
CVE-2020-19046 Cross Site Scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='. [email protected] 5.4 0.85% 2021-08-31 2026-06-16
CVE-2020-20701 A stored cross site scripting (XSS) vulnerability in /app/config/of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. [email protected] 4.8 0.58% 2021-07-30 2026-06-16
«« 第一頁 « 上一頁 第 1 / 3 頁 下一頁 »
cvelogic Threat Intelligence