CVE-2024-36801
CVE-2024-36801 affects SEMCMS v4.8. The issue is a SQL injection in the Download.php lgid parameter, stemming from unprotected SQL query structure, enabling a remote attacker to access sensitive information. Affected component is the Download.php handling lgid; root cause is lack of input sanitiz...