Xiaohuihui1

**Name of the Vulnerable Software and Affected Versions** S-CMS version 1.0 **Description** The issue allows SQL Injection via the "wap index.php?type=newsinfo" API endpoint, specifically through the `S id` parameter. **Recommendations** For S-CMS version 1.0, avoid using the `S id` parameter in the "wap index.php?type=newsinfo" API endpoint until the issue is resolved. Consider restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** S-CMS version 1.0 **Description** An issue in S-CMS allows SQL Injection via the `P id` parameter in the "js/pic.php" endpoint. **Recommendations** For S-CMS version 1.0, avoid using the `P id` parameter in the "js/pic.php" endpoint until the issue is resolved. Consider restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.