Xiaohuihui1

#13758of 53,633
19.6Total CVSS
Vulnerabilities · 2
Critical
2
PT-2018-15404
9.8
2018-12-26
S Cms · S-Cms · CVE-2018-20479
**Name of the Vulnerable Software and Affected Versions** S-CMS version 1.0 **Description** The issue allows SQL Injection via the "wap index.php?type=newsinfo" API endpoint, specifically through the `S id` parameter. **Recommendations** For S-CMS version 1.0, avoid using the `S id` parameter in the "wap index.php?type=newsinfo" API endpoint until the issue is resolved. Consider restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
PT-2018-15405
9.8
2018-12-26
S Cms · S-Cms · CVE-2018-20480
**Name of the Vulnerable Software and Affected Versions** S-CMS version 1.0 **Description** An issue in S-CMS allows SQL Injection via the `P id` parameter in the "js/pic.php" endpoint. **Recommendations** For S-CMS version 1.0, avoid using the `P id` parameter in the "js/pic.php" endpoint until the issue is resolved. Consider restricting access to this endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.