SIM 漏洞列表

SIM 项目的 /api/function/execute 接口允许可控输入 code 参数被传入后直接在服务器端执行，导致远程任意代码执行（RCE）,攻击者无需认证即可通过构造恶意 JSON 请求触发该接口执行任意命令

Sunflower Simple and Personal is susceptible to a remote code execution vulnerability. body="Verification failure"

WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the ~/includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files.

Evolucare Ecsimaging download_stats_dicom.php 存在文件读取漏洞,攻击者可利用该漏洞获取系统敏感信息等.漏洞影响:EVOLUCARE Evolucare Ecsimaging 6.21.5 body="ECSimaging"

EVOLUCARE ECSimage是一款国外使用的医疗管理系统，研究发现其new_movie.php接口中存在命令注入漏洞,攻击者可利用该漏洞获取系统敏感信息等.漏洞影响:EVOLUCARE Evolucare Ecsimaging 6.21.5 fofa-query: body="ECSimaging"

金和网络是专业信息化服务商,为城市监管部门提供了互联网+监管解决方案,为企事业单位提供组织协同OA系统开发平台,电子政务一体化平台,智慧电商平台等服务。金和OA C6 AddressImportPub.aspx 接口处存在XXE漏洞，未授权的攻击者可以通过此漏洞读取服务器上敏感文件或探测内网服务信息，进一步利用可导致服务器失陷 fofa: app="金和网络-金和OA"

CMSimple 3.1 is susceptible to local file inclusion via cmsimple/cms.php when register_globals is enabled which allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be leveraged for remote file execution by including adm.php and then invoking the upload action. NOTE: on 20080601, the vendor patched 3.1 without changing the version number.

A cross-site scripting vulnerability in the integrated web server on Siemens SIMATIC S7-1200 CPU devices 2.x and 3.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

SOPlanning <1.32 contain a directory traversal in the file_get_contents function via a .. (dot dot) in the fichier parameter.

WordPress Simple Image Manipulator 1.0 is vulnerable to local file inclusion in ./simple-image-manipulator/controller/download.php because no checks are made to authenticate users or sanitize input when determining file location.

WordPress plugin Simpel Reserveren 3.5.2 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command execution.

GetSimple CMS 3.3.13 contains an open redirect vulnerability via the admin/index.php redirect parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized operations.

WordPress Simple Job Board prior to version 2.9.4 is vulnerable to arbitrary file retrieval vulnerabilities because it does not validate the sjb_file parameter when viewing a resume, allowing an authenticated user with the download_resume capability (such as HR users) to download arbitrary files from the web-server via local file inclusion.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in SRS Simple Hits Counter Plugin for WordPress 1.0.3 and 1.0.4 allows a remote, unauthenticated attacker to determine the value of database fields.

WordPress Simple Giveaways plugin before 2.36.2 contains a cross-site scripting vulnerability via the method and share GET parameters of the Giveaway pages, which are not sanitized, validated, or escaped before being output back in the pages.

Sourcecodester Simple Client Management System 1.0 contains a SQL injection vulnerability via the username field in login.php. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action, available to unauthenticated and authenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

WordPress Simple File List before 3.2.8 is vulnerable to local file inclusion via the eeFile parameter in the ~/includes/ee-downloader.php due to missing controls which make it possible for unauthenticated attackers retrieve arbitrary files.

WordPress Simple Membership plugin before 4.1.1 contains a reflected cross-site scripting vulnerability. It does not properly sanitize and escape parameters before outputting them back in AJAX actions.

WordPress Simply Schedule Appointments plugin before 1.5.7.7 is susceptible to information disclosure. The plugin is missing authorization in a REST endpoint, which can allow an attacker to retrieve user details such as name and email address.

WordPress Simple Ajax Chat before 20220216 is vulnerable to sensitive information disclosure. The plugin does not properly restrict access to the exported data via the sac-export.csv file, which could allow unauthenticated users to access it.

The plugin does not escape parameters before outputting them back in attributes, leading to Reflected Cross-Site Scripting

SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database queries.

The plugin does not sanitise and escape some parameters before outputting them back in some pages, leading to Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

LG Simple Editor readVideoInfo Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the readVideoInfo method. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of SYSTEM.

The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address (which by default is the admin email address) via an unauthenticated crafted request.

The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it possible for unauthenticated attackers to log in as any existing user on the site, such as an administrator, when the "Two-Factor Authentication" setting is enabled (disabled by default).

SimpleHelp remote support software v5.5.7 and before is vulnerable to multiple path traversal vulnerabilities that enable unauthenticated remote attackers to download arbitrary files from the SimpleHelp host via crafted HTTP requests. These files include server configuration files containing various secrets and hashed user passwords.

An unrestricted file upload vulnerability in the WordPress Simple File List plugin before version 4.2.3 allows unauthenticated remote attackers to achieve remote code execution. The plugin's upload endpoint (ee-upload-engine.php) restricts file uploads based on extension, but lacks proper validation after file renaming. An attacker can first upload a PHP payload disguised as a .png file, then use the plugin’s ee-file-engine.php rename functionality to change the extension to .php. This bypasses upload restrictions and results in the uploaded payload being executable on the server.

The Simple User Registration plugin ≤ 6.3 is vulnerable to privilege escalation. It lacks proper restrictions on user meta values during registration. Unauthenticated attackers can exploit this to register as administrators.

WordPress Simple File List 插件是一款用于管理文件列表的插件，广泛应用于 WordPress 网站中。该插件的 /wp-content/plugins/simple-file-list/ee-upload-engine.php 文件存在代码执行漏洞（CVE-2025-34085）。攻击者可以通过该漏洞上传恶意文件并执行任意代码，从而完全控制受影响的 WordPress 网站。

KuangSimpleBBS是kuangstudy个人开发者的一个论坛教程项目。 KuangSimpleBBS 1.0版本存在代码问题漏洞，该漏洞源于对文件src/main/java/com/kuang/controller/QuestionController.java中参数editormd-image-file的错误操作导致无限制上传。

SimpleHelp 是一款远程支持和远程桌面管理软件，广泛应用于企业和 IT 服务提供商。该漏洞允许攻击者通过构造特定的路径遍历请求，未经授权地读取服务器上的任意文件，可能导致敏感信息泄露、数据篡改以及其他严重的安全问题。

SimpleHelp是一款远程支持和远程桌面管理软件，常用于企业和IT服务提供商提供技术支持和远程管理服务。它通过浏览器或客户端应用程序，使技术支持人员能够在不需要直接访问用户计算机的情况下，远程解决问题或执行任务。SimpleHelp存在一个未授权的任意文件读取漏洞，该未认证路径遍历漏洞可能使攻击者能够从SimpleHelp服务器下载任意文件，例如serverconfig.xml。该文件包含SimpleHelpAdmin账户的哈希密码以及其他本地技术账号的详细信息。

Simple Chat System是nurhodelta_17个人开发者的一个简单聊天系统。 Simple Chat System 1.0版本存在代码注入漏洞，该漏洞源于/admin/update_room.php文件的name参数包含一个跨站脚本漏洞。

Simple Chat System是nurhodelta_17个人开发者的一个简单聊天系统。 Simple Chat System 1.0版本存在注入漏洞，该漏洞源于/admin/chatroom.php文件的id参数包含一个SQL注入漏洞。

Code-projects Simple School Managment System 是一个基于 PHP 的学校管理系统，用于管理学校的日常事务。该系统的 '/index.php' 页面中的 'apass' 参数和 'aname' 参数存在 SQL 注入漏洞，攻击者可以利用该漏洞执行恶意的 SQL 查询和操作数据库，从而获取敏感信息或进一步控制系统。

Code-projects Simple School Managment System 是一个基于 PHP 的学校管理系统，用于管理学校的日常事务。该系统的 '/teacher_login.php' 页面中的 'pass' 参数和 'name' 参数存在身份验证绕过漏洞，攻击者可以利用该漏洞绕过身份验证，并访问未经授权的功能。

Code-projects Simple School Managment System 是一个基于 PHP 的学校管理系统，用于管理学校的日常事务。该系统的 '/index.php' 页面中的 'apass' 参数和 'aname' 参数存在身份验证绕过漏洞，攻击者可以利用该漏洞绕过身份验证，并访问未经授权的功能。

WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是一个应用插件。 WordPress plugin WP Simple Anchors Links 1.0.0版本及之前版本存在跨站脚本漏洞，该漏洞源于通过插件的wpanchor函数可以进行存储型跨站脚本攻击。

Simple Online Bidding System是oretnom23个人开发者的一个在线投标系统。 Simple Online Bidding System 1.0版本存在SQL注入漏洞，该漏洞源于对参数username的错误操作会导致sql注入。

Simple Online Bidding System是oretnom23个人开发者的一个在线投标系统。 Simple Online Bidding System 1.0版本存在SQL注入漏洞，该漏洞源于对参数id的错误操作会导致sql注入。

Simple Online Bidding System是oretnom23个人开发者的一个在线投标系统。 Simple Online Bidding System 1.0版本存在授权问题漏洞，该漏洞源于错误操作会导致授权不当。

Simple Online Bidding System是oretnom23个人开发者的一个在线投标系统。 Simple Online Bidding System 1.0版本存在SQL注入漏洞，该漏洞源于对参数username的错误操作会导致sql注入。

SourceCodester Simple Realtime Quiz System是SourceCodester公司的一个实时测验系统。 SourceCodester Simple Realtime Quiz System 1.0 版本存在SQL注入漏洞，该漏洞源于 /quiz_board.php 文件中的 quiz 参数包含一个 SQL 注入漏洞。

SourceCodester Simple Realtime Quiz System是SourceCodester公司的一个实时测验系统。 SourceCodester Simple Realtime Quiz System 1.0 版本存在SQL注入漏洞，该漏洞源于 /my_quiz_result.php 文件的 quiz 参数包含一个 SQL 注入漏洞。

LG Simple Editor存在远程代码执行漏洞。此漏洞是由于uploadImage.do对用户上传的文件缺乏校验导致的。

LG Simple Editor中存在目录遍历漏洞。该漏洞是由于处理copyStickerContent命令时对输入验证不当造成的。

Simple Image Stack Website是一个简单图片展示网站。 Simple Image Stack Website 1.0版本存在跨站脚本漏洞，该漏洞源于对参数page的错误操作会导致跨站点脚本编写。

LG Simple Editor中存在目录遍历漏洞。此漏洞是由于deleteFolder方法中对输入的数据验证不正确导致的。

LG Simple Editor中存在任意文件读取漏洞，此漏洞是由于folderManager接口未充分验证用户输入的数据所导致的。

WordPress Plugin Simply Gallery Blocks存在XSS漏洞。该漏洞是由于media-new.php对用户输入的数据校验不足导致的。

Simple Online Bidding System (在线投标系统)中存在SQL注入漏洞，此漏洞是由于未充分验证用户输入参数category_id的数据所导致的。

唐山平升电子技术开发有限公司成立于1999年，专注于物联网智能设备研发制造和应用软件开发。开发的产品广泛服务于水务、环保、农业、安防、交通、气象、能源等领域。该公司的水库安全监管平台 /WebServices/SIMMaintainService.asmx/GetAllRechargeRecordsBySIMCardId处simcardId参数存在硬编码可获取认证最终导致的SQL注入漏洞，攻击者可通过该漏洞获取数据库权限。

GetSimple CMS v3.3.16存在远程代码执行漏洞。该漏洞是由于对用户输入的验证不足造成的。

唐山平升电子技术开发有限公司成立于1999年，专注于物联网智能设备研发制造和应用软件开发。开发的产品广泛服务于水务、环保、农业、安防、交通、气象、能源等领域。该公司的水库安全监管平台/WebServices/SIMMaintainService.asmx/GetAllRechargeRecordsBySIMCardId处simcardId参数存在SQL注入漏洞，攻击者可通过该漏洞获取数据库权限

GetSimple CMS是一套使用PHP语言编写的内容管理系统（CMS）。 GetSimple CMS v3.3.16版本存在安全漏洞，该漏洞源于通过admin/theme-edit.php中的edited_file参数发现包含远程代码执行（RCE）漏洞。

EVOLUCAREECSimage是一款国外使用的医疗管理系统，研究发现其new_movie.php接口中存在命令注入漏洞,攻击者可利用该漏洞获取系统敏感信息等。

【漏洞对象】SIMHL 【涉及版本】SIMHL 3.3 【漏洞描述】 SIMHL Version 3.3存在SQL注入漏洞。

【漏洞对象】SIMHL 【涉及版本】SIMHL 3.2 【漏洞描述】 SIMHL Version 3.2存在SQL注入漏洞。

SimpleHRM是一套人力资源管理系统。该系统提供了一个简单易用的HR部门的管理界面，包括雇员管理、离职管理、收益、提醒等功能。 SimpleHRM 2.3之前的版本中的user_manager.php中存在信息泄露漏洞。该漏洞源于网络系统或产品在运行过程中存在配置等错误。未授权的攻击者可利用漏洞获取受影响组件敏感信息。

SimpleHRM是一套人力资源管理系统。该系统提供了一个简单易用的HR部门的管理界面，包括雇员管理、离职管理、收益、提醒等功能。 SimpleHRM 2.3和2.2版本中的flexycms/modules/user/user_manager.php脚本的登录页面存在SQL注入漏洞，该漏洞源于index.php/user/setLogin脚本没有充分过滤‘username’参数。远程攻击者可利用该漏洞执行任意SQL命令。

Siemens Simatic WinCC和PCS 7 SCADA系统使用的硬编码密码，本地用户可以访问后端数据库和提升特权。

Simpleboard是Mambo and Joomla!开源CMS系统的一个论坛组件。 Mambo SimpleBoard (com_simpleboard)组件1.0.1版本及其早期版本的image_upload.php中存在无限制文件上传漏洞。远程攻击者通过上传一个具有可执行扩展名的文件并借助一个对components/com_simpleboard/的文件直接请求来读取该文件从而，执行任意代码。

Iamma Simple Gallery 1.0和2.0版本中的pages/download.php存在未限制文件上传漏洞。远程攻击者可以通过先上传一个带有可执行性扩展名的文件，然后再借助一个对上传目录中的文件的直接请求来访问它，从而实现任意的PHP代码执行。