CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-7191 – S-CMS reg.php sql injection
https://notcve.org/view.php?id=CVE-2023-7191
31 Dec 2023 — A vulnerability, which was classified as critical, was found in S-CMS up to 2.0_build20220529-20231006. This affects an unknown part of the file member/reg.php. The manipulation of the argument M_login/M_email leads to sql injection. The exploit has been disclosed to the public and may be used. The identifier VDB-249393 was assigned to this vulnerability. • https://note.zhaoj.in/share/Fmytf7wBINbP • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-7190 – S-CMS sql injection
https://notcve.org/view.php?id=CVE-2023-7190
31 Dec 2023 — A vulnerability, which was classified as critical, has been found in S-CMS up to 2.0_build20220529-20231006. Affected by this issue is some unknown functionality of the file /member/ad.php?action=ad. The manipulation of the argument A_text/A_url/A_contact leads to sql injection. The exploit has been disclosed to the public and may be used. • https://note.zhaoj.in/share/0ZY7hEQAskqM • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 1CVE-2023-7189 – S-CMS sql injection
https://notcve.org/view.php?id=CVE-2023-7189
31 Dec 2023 — A vulnerability classified as critical was found in S-CMS up to 2.0_build20220529-20231006. Affected by this vulnerability is an unknown functionality of the file /s/index.php?action=statistics. The manipulation of the argument lid leads to sql injection. The exploit has been disclosed to the public and may be used. • https://note.zhaoj.in/share/9yaojoQvesLu • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 5%CPEs: 2EXPL: 2CVE-2009-1502 – S-CMS 1.1 Stable - 'page' Local File Inclusion
https://notcve.org/view.php?id=CVE-2009-1502
01 May 2009 — Directory traversal vulnerability in plugin.php in S-Cms 1.1 Stable and 1.5.2 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the page parameter. Vulnerabilidad de salto de directorio transversal enplugin.php en S-Cms v1.1 Stable y v1.5.2 permite a atacantes remotos incluir y ejecutar archivos locales a su elección a través de secuencias de salto de directorio en el parámetro de página. • https://www.exploit-db.com/exploits/8566 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •