CVE-2018-18427by Jeremyin Security Bulletinson Posted on October 17, 2018 s-cms 3.0 allows SQL Injection via the member/post.php 0_id parameter or the POST data to member/member_login.php.