Sdcms Sdcms

Do you want an email whenever new security vulnerabilities are reported in Sdcms?

By the Year

In 2024 there have been 0 vulnerabilities in Sdcms . Sdcms did not have any published security vulnerabilities last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 0 0.00
2022 0 0.00
2021 0 0.00
2020 0 0.00
2019 2 9.30
2018 3 8.37

It may take a day or so for new Sdcms vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Sdcms Security Vulnerabilities

An issue was discovered in SDCMS V1.7

CVE-2019-9651 9.8 - Critical - March 11, 2019

An issue was discovered in SDCMS V1.7. In the \app\admin\controller\themecontroller.php file, the check_bad() function's filtering is not strict, resulting in PHP code execution. This occurs because some dangerous PHP functions (such as "eval") are blocked but others (such as "system") are not, and because ".php" is blocked but ".PHP" is not blocked.

Code Injection

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request

CVE-2019-9652 8.8 - High - March 11, 2019

There is a CSRF in SDCMS V1.7 via an m=admin&c=theme&a=edit request. It allows PHP code injection by providing a filename in the file parameter, and providing file content in the t2 parameter.

Session Riding

app/plug/attachment/controller/admincontroller.php in SDCMS 1.6

CVE-2018-19748 7.5 - High - November 29, 2018

app/plug/attachment/controller/admincontroller.php in SDCMS 1.6 allows reading arbitrary files via a /?m=plug&c=admin&a=index&p=attachment&root= directory traversal. The value of the root parameter must be base64 encoded (note that base64 encoding, instead of URL encoding, is very rare in a directory traversal attack vector).

Directory traversal

An issue was discovered in SDCMS 1.6 with PHP 5.x

CVE-2018-19520 8.8 - High - November 25, 2018

An issue was discovered in SDCMS 1.6 with PHP 5.x. app/admin/controller/themecontroller.php uses a check_bad function in an attempt to block certain PHP functions such as eval, but does not prevent use of preg_replace 'e' calls, allowing users to execute arbitrary code by leveraging access to admin template management.

Code Injection

An issue was discovered in SDcms v1.5

CVE-2018-11004 8.8 - High - May 12, 2018

An issue was discovered in SDcms v1.5. Cross-site request forgery (CSRF) vulnerability in /WWW//app/admin/controller/admincontroller.php allows remote attackers to add administrator accounts via m=admin&c=admin&a=add.

Session Riding

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for Sdcms or by Sdcms? Click the Watch button to subscribe.

Sdcms
Vendor

Sdcms
Product

subscribe