59 matches found
CVE-2024-25422
The CVE-2024-25422 entry concerns a SQL injection vulnerability in SEMCMS v.4.8. The issue affects the SEMCMS_Menu.php component and could allow a remote attacker to execute arbitrary code and access sensitive information. Several connected sources consistently describe this flaw as SQL injection...
CVE-2024-36801
CVE-2024-36801 affects SEMCMS v4.8. The issue is a SQL injection in the Download.php lgid parameter, stemming from unprotected SQL query structure, enabling a remote attacker to access sensitive information. Affected component is the Download.php handling lgid; root cause is lack of input sanitiz...
CVE-2024-31010
CVE-2024-31010 affects SEMCMS v4.8; the vulnerability is a SQL injection via the ID parameter in Banner.php. Root cause is an injectable ID parameter exposing sensitive information. Documented impact is high confidentiality risk with no availability/ integrity impact. Related sources confirm the ...
CVE-2024-31012
The CVE-2024-31012 entry concerns SEMCMS v4.8, where an issue in upload.php enables remote attackers to execute arbitrary code, escalate privileges, and exfiltrate sensitive information. Affected component is the upload.php handling; root cause themes indicate insecure file handling/execution pat...
CVE-2024-4595
Summary: CVE-2024-4595 affects SEMCMS up to version 4.8, with the vulnerability located in the locate function of function.php. The issue enables SQL injection due to improper validation of external input, and can be exploited remotely. Multiple connected sources corroborate the vulnerable compon...
CVE-2024-28405
CVE-2024-28405 affects SEMCMS 4.8. The issue is a failure of access control: SEMCMS_Funtion.php is loaded before validating that the user is an admin, because authentication is invoked from the admin page. This allows users to gain admin privileges. The descriptions across sources consistently st...
CVE-2024-52725
SemCms v4.8 has a SQL injection in SEMCMS_SeoAndTag.php via the ldgid parameter, enabling arbitrary code execution. Root cause: SQLi in the affected component. Impact (per sources): potential code execution with high confidentiality impact; CVSS v3.1 base score 4.9 (MEDIUM). Exploitation details ...
CVE-2025-25686
The CVE-2025-25686 entry concerns SEMCMS
CVE-2024-53502
Seecms v4.8 contains a SQL injection vulnerability in SEMCMS_SeoAndTag.php. The CVE-2024-53502 entry notes low baseline impact (Confidentiality/Integrity LOW; Availability NONE) with network attack vector, no user interaction, and high privileges required for exploitation. Exploit details, affect...
CVE-2020-18432
CVE-2020-18432 : SEMCMS PHP version 3.7 contains a code issue that allows remote attackers to upload arbitrary files and gain escalated privileges. The available connected documents confirm the vulnerability name, affected software, and the impact (remote arbitrary file upload with elevated privi...
CVE-2021-38733
CVE-2021-38733 affects SEMCMS SHOP v1.1 with a SQL injection in Ant_BlogCat.php. All sources indicate a high-severity vulnerability (CVSS 3.1: 9.8) potentially allowing unauthorized database access without authentication. The connected documents do not provide exploit details or confirmed in-the-...
CVE-2023-48864
CVE-2023-48864 affects SEMCMS v4.8, where a SQL injection is possible via the languageID parameter in the /web_inc.php endpoint. The vulnerability description is consistently reported across multiple sources; no explicit exploit details or confirmed fixes are provided in the connected documents. ...
CVE-2024-32409
CVE-2024-32409 affects SEMCMS v4.8. The supplied connected sources confirm a remote attacker can execute arbitrary code via a crafted script in SEMCMS, with the root cause described only as the crafted-script input affecting SEMCMS v4.8. The vulnerability is categorized as high-severity (CVSS v3....
CVE-2020-23564
SEMCMS 3.9 is affected by a file upload vulnerability in SEMCMS_Upfile.php that can allow remote attackers to run arbitrary code. Root cause cited: lack of proper validation of uploaded files. Impact per sources is arbitrary code execution (high severity). Remediation: as a temporary workaround, ...
CVE-2021-38729
CVE-2021-38729 affects SEMCMS SHOP version 1.1. The vulnerability is a SQL Injection in Ant_Plist.php, with CVSS v3.1 base score 9.8 (CRITICAL). Public references indicate a PoC exists and potential exploitation; details in the Adp entry note a total technical impact. Pending remediation: PT-2022...
CVE-2021-38217
SEMCMS 1.2 is affected by a SQL Injection vulnerability in SEMCMS_User.php. The issue, documented across multiple sources (CVE-2021-38217), is classified with CVSSv3.1 base score 9.8 (CRITICAL) and is exploitable remotely without privileges or user interaction. The vulnerability stems from input ...
CVE-2022-2726
CVE-2022-2726 concerns SEMCMS. A SQL injection vulnerability exists in an unknown part of Ant_Check.php triggered by manipulating the DID parameter, with remote exploitation claimed. Multiple connected sources corroborate a critical severity and public exploit disclosure, affecting SEMCMS via Ant...
CVE-2023-30090
Semcms Shop v4.2 is affected by an arbitrary file upload vulnerability in the SEMCMS_Upfile.php component, enabling an attacker to upload a crafted PHP file and achieve arbitrary code execution. Affected product: Semcms Shop 4.2; vulnerable component: SEMCMS_Upfile.php; root cause: improper file ...
CVE-2023-31707
SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php. Root cause: input validation in Ant_Rponse.php missing, enabling arbitrary SQL execution. Impact: high confidentiality, integrity, and availability; CVSS 3.1 base score 9.8 (CRITICAL) with network access, no authentication, and no user...
CVE-2021-38734
Summary (mode C): SEMCMS SHOP version 1.1 is affected by a SQL Injection in Ant_Menu.php. The vulnerability is documented with a high-impact CVSS (CRITICAL, BOOTSTRAP: NETWORK, no privileges needed, no user interaction) affecting confidentiality, integrity, and availability. The root cause is an ...
CVE-2024-30938
The CVE-2024-30938 issue affects SEMCMS v4.8 and originates from a SQL injection in the SEMCMS_User.php component, allowing a remote attacker to obtain sensitive information via the ID parameter. The vulnerability is described across multiple sources as a SQLi in SEMCMS v4.8 with high impact (con...
CVE-2024-31009
CVE-2024-31009 involves a SQL injection in SEMCMS v4.8, exploitable via the lgid parameter in Banner.php. The vulnerability could allow a remote attacker to obtain sensitive information. No exploitation details are provided in the documents; CVSS base score is 6.5 (MEDIUM). Remediation or workaro...
CVE-2021-38736
The CVE-2021-38736 entry concerns SEMCMS Shop v1.1 with a SQL injection vulnerability in Ant_Global.php. The issue is documented as a high-severity (CVSS v3.1: 9.8, CRITICAL) vulnerability affecting confidentiality, integrity, and availability (C/H/I/A). Connected sources confirm the affected com...
CVE-2021-38737
The CVE-2021-38737 entry concerns SEMCMS v1.1 with a SQL Injection flaw in Ant_Pro.php. The connected sources confirm the vulnerability is due to lack of validation of externally supplied SQL statements, enabling an attacker to execute arbitrary SQL and potentially exfiltrate data. No concrete re...
CVE-2024-46103
SCENARIO: SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. CVSS v3.1: 9.8 (CRITICAL) with NETWORK attack vector, no user interaction; impact to confidentiality, integrity, and availability is HIGH. Confirmed by multiple sources (CNVD-2024-39254, NVD/NVD-adjacent entries, CNNVD, Red ...
CVE-2021-38731
CVE-2021-38731 concerns SEMCMS SHOP v1.1, where Ant_Zekou.php is vulnerable to SQL injection due to input validation gaps. The weakness can allow an attacker to execute arbitrary SQL commands and potentially exfiltrate or manipulate database data. Documented impacts are high (health of data confi...
CVE-2024-13193
CVE-2024-13193 affects SEMCMS up to v4.8, with a SQL injection in the SEMCMS_Images.php of the Image Library Management Page. The vulnerability is exploitable remotely and the exploit has been disclosed publicly; vendor response has been non-existent in the provided material. Connected sources co...
CVE-2018-18742
CVE-2018-18742 concerns SEMCMS 3.4, where a cross-site request forgery (CSRF) vulnerability exists in the admin flow accessed via the URI admin/SEMCMS_User.php?Class=add&CF=user. The issue, described as CSRF, could enable unauthorized operations on behalf of an authenticated user. CVSS metrics fr...
CVE-2020-18081
The CVE-2020-18081 entry concerns SEMCMS 3.8, where the checkuser function is vulnerable to an access-control/SQL query flaw that can disclose plaintext passwords. The vulnerability allows an attacker to obtain passwords via a crafted SQL query, with network access and no authentication required ...
CVE-2021-38730
SemCMS SHOP v1.1 is affected by a SQL Injection vulnerability in Ant_Info.php (CVE-2021-38730). The issue allows unauthenticated attackers to inject SQL, with high impact to confidentiality, integrity, and availability (CVSS 3.1: CRITICAL, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Several connected s...
CVE-2018-18745
CVE-2018-18745 is an XSS vulnerability in SEMCMS 3.4 exploitable via the admin/SEMCMS_Menu.php?lgid=1 page during editing. Connected sources consistently confirm a cross-site scripting issue affecting SEMCMS 3.4; no vendor/version patch details are provided in the documents. The NVD entry lists b...
CVE-2021-38728
CVE-2021-38728 affects SEMCMS SHOP v1.1, with a stored/reflected Cross-Site Scripting (XSS) vulnerability in Ant_M_Coup.php. The available sources indicate the issue resides in a web-exposed component, enabling an attacker to inject scripts that may be executed in a user’s browser, given network ...
CVE-2023-50563
Semcms v4.8 contains a SQL injection vulnerability in SEMCMS_Function.php via the AID parameter. Affected component: SEMCMS_Function.php; vulnerable input AID leads to potential unauthorized data access or modification (high/critical impact per CVSS 3.1). No exploitation details are provided in t...
CVE-2018-18783
CVE-2018-18783 affects SEMCMS V3.4. A reflected/DOM-like cross-site scripting vulnerability is exploitable through the semcms_remail.php?type=ok umail parameter, enabling injection of arbitrary scripts via this input. The vulnerability is documented with CVSS base scores (2.0/4.3 and 3.0/6.1) ind...
CVE-2023-37647
Summary: CVE-2023-37647 affects SEMCMS v1.5, with a SQL injection vulnerability exploitable via the id parameter in the /Ant_Suxin.php endpoint. The issue is documented across multiple sources (including CNVD, NVD, Red Hat, and CVE lists) and has a high/critical impact rating (CVSS 3.1: AV:N/AC:L...
CVE-2024-36800
CVE-2024-36800: A SQL injection vulnerability in SEMCMS v4.8 allows a remote attacker to disclose sensitive information via the ID parameter in Download.php. Root cause: improper handling of the ID parameter enables unauthorized database access. Impact is information disclosure; no exploitation d...
CVE-2019-11518
CVE-2019-11518 affects SEMCMS 3.8 with a SQL injection in SEMCMS_Inquiry.php due to incomplete protection in class.phpmailer.php inject_check_sql. The root cause is an incomplete safeguard allowing AID[] manipulation to inject SQL. CVSS metrics (NVD) list a v3 base score 7.2 (HIGH), network attac...
CVE-2020-18078
CVE-2020-18078 affects SEMCMS v3.8 via a vulnerability in /include/web_check.php that allows resetting the Administrator password. Implementations in multiple feeds confirm the root cause as an access/verification issue within that script, leading to an account takeover risk for the admin account...
CVE-2021-38732
CVE-2021-38732 affects SEMCMS SHOP v1.1, with a SQL injection in Ant_Message.php. The vulnerability is rated CVSS v3.1 9.8 (CRITICAL): Network attack vector, no authentication, low complexity, no user interaction required, and impacts confidentiality, integrity, and availability. Documentation co...
CVE-2018-20017
CVE-2018-20017 affects SEMCMS 3.5. The vulnerability is a cross-site scripting (XSS) flaw exploitable via the first text box on the SEMCMS_Main.php URI. This is confirmed in multiple sources (NVD description and CNVD-2019-05836), which state attackers can use the vulnerability through that input ...
CVE-2023-48863
CVE-2023-48863 affects SEMCMS 3.9. The vulnerability is an SQL Injection caused by insufficient input validation, allowing injected SQL to execute on the backend database. Exploitation status is not documented in the provided sources. Potential remediation noted in PT-2023-30991 suggests implemen...
CVE-2018-18739
CVE-2018-18739 affects SEMCMS 3.4, with a cross-site scripting vulnerability in the admin/SEMCMS_Products.php?lgid=1 Keywords field. The issue is documented across multiple sources (NVD, CNVD, CVE lists). The connected documents confirm the vulnerable component is the Keywords input in SEMCMS 3.4...
CVE-2018-18740
CVE-2018-18740 describes a cross-site scripting (XSS) vulnerability in SEMCMS 3.4. The issue occurs in the first input field when accessing the URI admin/SEMCMS_Link.php?lgid=1, allowing injection of arbitrary script/HTML. Connected sources (NVD/NVDC/CVE records and CNVD/PRION entries) consistent...
CVE-2018-18741
CVE-2018-18741 describes a Cross-Site Scripting (XSS) vulnerability in SEMCMS 3.4, exploitable via the URI admin/SEMCMS_Download.php?lgid=1 during editing. The issue is documented across multiple sources (NVD, CNVD, CVE lists) with the impact characteristics: confidentiality impact LOW, integrity...
CVE-2018-18840
CVE-2018-18840 is a cross-site scripting (XSS) vulnerability in SEMCMS PHP v3.4, triggered via the parameter tag_indexmetatit in SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag. Multiple connected sources corroborate the issue and identify the affected software as SEMCMS PHP v3.4. The vulnerability ...
CVE-2018-18841
CVE-2018-18841 concerns an XSS vulnerability in SEMCMS PHP v3.4. The flaw stems from the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter, allowing script injection via that input. Affected software: SEMCMS PHP 3.4 (as described). The connected documents confirm the vulnerabili...
CVE-2018-18743
CVE-2018-18743 affects SEMCMS 3.4 and is a Cross-Site Scripting (XSS) vulnerability exploitable via the second text field in the admin/SEMCMS_Categories.php?pid=1&lgid=1 URI. NVD metrics show CVSS v2 base score 3.5 (LOW) with NETWORK attack vector, MEDIUM complexity, and partial integrity impact;...
CVE-2018-18744
CVE-2018-18744 describes a cross-site scripting (XSS) vulnerability in SEMCMS 3.4 . The issue is exploitable via the fifth text box in the path to the URI admin/SEMCMS_Main.php , enabling an attacker to inject arbitrary script/HTML. The provided data cites an XSS impact with low to medium severit...
CVE-2018-18738
An XSS vulnerability (CVE-2018-18738) affects SEMCMS 3.4, exploitable via the admin/SEMCMS_Categories.php?pid=1&lgid=1&category_key parameter. The vulnerability is due to unsafely handled input in the category_key field, enabling injection of arbitrary web script/HTML. Reported impact metrics ind...
CVE-2025-51653
CVE-2025-51653 affects SemCms v5.0, where a SQL injection is possible through the pid parameter in SEMCMS_ct.php. The issue, described across multiple feeds (NVD, Red Hat, CVE listing, and PT Security), has a CVSS v3.1 base score of 5.4 (Medium) with network attack vector, low attack complexity, ...