
CVE-2010-4772 – S_CMS 2.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4772
23 Mar 2011 — Cross-site scripting (XSS) vulnerability in blocks/lang.php in S-CMS 2.5 allows remote attackers to inject arbitrary web script or HTML via the id parameter to viewforum.php. • https://www.exploit-db.com/exploits/15588 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVE-2010-4771 – S_CMS 2.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2010-4771
23 Mar 2011 — SQL injection vulnerability in viewforum.php in S-CMS 2.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. • https://www.exploit-db.com/exploits/15588 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2009-1502 – S-CMS 1.1 Stable - 'page' Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-1502
01 May 2009 — Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. • https://www.exploit-db.com/exploits/8566 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2009-0863 – S-CMS 1.1 Stable - Insecure Cookie Handling / Mass Page Delete
https://notcve.org/view.php?id=CVE-2009-0863
10 Mar 2009 — SQL injection vulnerability in admin/delete_page.php in S-Cms 1.1 Stable allows remote attackers to execute arbitrary SQL commands via the id parameter. • https://www.exploit-db.com/exploits/8071 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVE-2009-0864 – S-CMS 1.1 Stable - Insecure Cookie Handling / Mass Page Delete
https://notcve.org/view.php?id=CVE-2009-0864
10 Mar 2009 — S-Cms 1.1 Stable allows remote attackers to bypass authentication and obtain administrative access via an OK value for the login cookie. • https://www.exploit-db.com/exploits/8071 • CWE-287: Improper Authentication