Kingflyme

**Name of the Vulnerable Software and Affected Versions** S-CMS version 1.5 **Description** A SQL injection issue was found in the search functionality. The vulnerability can be exploited through the `keyword` parameter in the "search.php" endpoint. **Recommendations** For S-CMS version 1.5, avoid using the `keyword` parameter in the search.php endpoint until a fix is available. Consider restricting access to the search functionality to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** S-CMS version 1.5 **Description** A CSRF issue allows adding a new user via the "admin/ajax.php?type=member&action=add" API endpoint. **Recommendations** For S-CMS version 1.5, consider implementing proper CSRF protection mechanisms to prevent unauthorized actions, such as adding new users, until a patch is available. As a temporary workaround, restrict access to the "admin/ajax.php" endpoint to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** S-CMS version 1.5 **Description** An issue was discovered in the software, which is related to a security problem. The problem is an XSS issue in the "search.php" file via the `keyword` parameter. **Recommendations** For S-CMS version 1.5, consider restricting the use of the `keyword` parameter in the "search.php" file until a patch is available.