Lucene search
K
Sem-cmsSemcms

59 matches found

CVE
CVE
added 2024/02/28 12:0 a.m.7796 views

CVE-2024-25422

The CVE-2024-25422 entry concerns a SQL injection vulnerability in SEMCMS v.4.8. The issue affects the SEMCMS_Menu.php component and could allow a remote attacker to execute arbitrary code and access sensitive information. Several connected sources consistently describe this flaw as SQL injection...

9.8CVSS8.2AI score0.01023EPSS
CVE
CVE
added 2024/06/04 12:47 p.m.76 views

CVE-2024-36801

CVE-2024-36801 affects SEMCMS v4.8. The issue is a SQL injection in the Download.php lgid parameter, stemming from unprotected SQL query structure, enabling a remote attacker to access sensitive information. Affected component is the Download.php handling lgid; root cause is lack of input sanitiz...

5.9CVSS7.6AI score0.00391EPSS
CVE
CVE
added 2024/04/03 12:0 a.m.68 views

CVE-2024-31010

CVE-2024-31010 affects SEMCMS v4.8; the vulnerability is a SQL injection via the ID parameter in Banner.php. Root cause is an injectable ID parameter exposing sensitive information. Documented impact is high confidentiality risk with no availability/ integrity impact. Related sources confirm the ...

7.5CVSS7.3AI score0.00791EPSS
CVE
CVE
added 2024/04/03 12:0 a.m.67 views

CVE-2024-31012

The CVE-2024-31012 entry concerns SEMCMS v4.8, where an issue in upload.php enables remote attackers to execute arbitrary code, escalate privileges, and exfiltrate sensitive information. Affected component is the upload.php handling; root cause themes indicate insecure file handling/execution pat...

9.8CVSS7.5AI score0.01157EPSS
CVE
CVE
added 2024/05/07 3:0 p.m.67 views

CVE-2024-4595

Summary: CVE-2024-4595 affects SEMCMS up to version 4.8, with the vulnerability located in the locate function of function.php. The issue enables SQL injection due to improper validation of external input, and can be exploited remotely. Multiple connected sources corroborate the vulnerable compon...

6.5CVSS7.3AI score0.0057EPSS
CVE
CVE
added 2024/03/29 12:0 a.m.66 views

CVE-2024-28405

CVE-2024-28405 affects SEMCMS 4.8. The issue is a failure of access control: SEMCMS_Funtion.php is loaded before validating that the user is an admin, because authentication is invoked from the admin page. This allows users to gain admin privileges. The descriptions across sources consistently st...

7.2CVSS7.3AI score0.00801EPSS
CVE
CVE
added 2024/11/20 12:0 a.m.66 views

CVE-2024-52725

SemCms v4.8 has a SQL injection in SEMCMS_SeoAndTag.php via the ldgid parameter, enabling arbitrary code execution. Root cause: SQLi in the affected component. Impact (per sources): potential code execution with high confidentiality impact; CVSS v3.1 base score 4.9 (MEDIUM). Exploitation details ...

4.9CVSS8.8AI score0.00543EPSS
CVE
CVE
added 2025/03/27 12:0 a.m.66 views

CVE-2025-25686

The CVE-2025-25686 entry concerns SEMCMS

9.8CVSS7.7AI score0.00475EPSS
CVE
CVE
added 2024/12/03 12:0 a.m.64 views

CVE-2024-53502

Seecms v4.8 contains a SQL injection vulnerability in SEMCMS_SeoAndTag.php. The CVE-2024-53502 entry notes low baseline impact (Confidentiality/Integrity LOW; Availability NONE) with network attack vector, no user interaction, and high privileges required for exploitation. Exploit details, affect...

3.8CVSS8.4AI score0.00285EPSS
CVE
CVE
added 2023/06/30 12:0 a.m.63 views

CVE-2020-18432

CVE-2020-18432 : SEMCMS PHP version 3.7 contains a code issue that allows remote attackers to upload arbitrary files and gain escalated privileges. The available connected documents confirm the vulnerability name, affected software, and the impact (remote arbitrary file upload with elevated privi...

9.8CVSS9.5AI score0.00888EPSS
CVE
CVE
added 2022/10/28 12:0 a.m.63 views

CVE-2021-38733

CVE-2021-38733 affects SEMCMS SHOP v1.1 with a SQL injection in Ant_BlogCat.php. All sources indicate a high-severity vulnerability (CVSS 3.1: 9.8) potentially allowing unauthorized database access without authentication. The connected documents do not provide exploit details or confirmed in-the-...

9.8CVSS9.8AI score0.0062EPSS
CVE
CVE
added 2024/01/10 12:0 a.m.63 views

CVE-2023-48864

CVE-2023-48864 affects SEMCMS v4.8, where a SQL injection is possible via the languageID parameter in the /web_inc.php endpoint. The vulnerability description is consistently reported across multiple sources; no explicit exploit details or confirmed fixes are provided in the connected documents. ...

7.5CVSS7.7AI score0.00609EPSS
CVE
CVE
added 2024/04/19 12:0 a.m.62 views

CVE-2024-32409

CVE-2024-32409 affects SEMCMS v4.8. The supplied connected sources confirm a remote attacker can execute arbitrary code via a crafted script in SEMCMS, with the root cause described only as the crafted-script input affecting SEMCMS v4.8. The vulnerability is categorized as high-severity (CVSS v3....

7.1CVSS7.8AI score0.0065EPSS
CVE
CVE
added 2023/08/05 12:0 a.m.60 views

CVE-2020-23564

SEMCMS 3.9 is affected by a file upload vulnerability in SEMCMS_Upfile.php that can allow remote attackers to run arbitrary code. Root cause cited: lack of proper validation of uploaded files. Impact per sources is arbitrary code execution (high severity). Remediation: as a temporary workaround, ...

7.2CVSS7.2AI score0.00838EPSS
CVE
CVE
added 2022/10/28 12:0 a.m.60 views

CVE-2021-38729

CVE-2021-38729 affects SEMCMS SHOP version 1.1. The vulnerability is a SQL Injection in Ant_Plist.php, with CVSS v3.1 base score 9.8 (CRITICAL). Public references indicate a PoC exists and potential exploitation; details in the Adp entry note a total technical impact. Pending remediation: PT-2022...

9.8CVSS9.8AI score0.00798EPSS
CVE
CVE
added 2022/10/28 12:0 a.m.58 views

CVE-2021-38217

SEMCMS 1.2 is affected by a SQL Injection vulnerability in SEMCMS_User.php. The issue, documented across multiple sources (CVE-2021-38217), is classified with CVSSv3.1 base score 9.8 (CRITICAL) and is exploitable remotely without privileges or user interaction. The vulnerability stems from input ...

9.8CVSS9.8AI score0.00752EPSS
CVE
CVE
added 2022/08/09 7:11 a.m.58 views

CVE-2022-2726

CVE-2022-2726 concerns SEMCMS. A SQL injection vulnerability exists in an unknown part of Ant_Check.php triggered by manipulating the DID parameter, with remote exploitation claimed. Multiple connected sources corroborate a critical severity and public exploit disclosure, affecting SEMCMS via Ant...

9.8CVSS8.4AI score0.00547EPSS
CVE
CVE
added 2023/05/05 12:0 a.m.56 views

CVE-2023-30090

Semcms Shop v4.2 is affected by an arbitrary file upload vulnerability in the SEMCMS_Upfile.php component, enabling an attacker to upload a crafted PHP file and achieve arbitrary code execution. Affected product: Semcms Shop 4.2; vulnerable component: SEMCMS_Upfile.php; root cause: improper file ...

9.8CVSS9.7AI score0.00776EPSS
CVE
CVE
added 2023/05/19 12:0 a.m.56 views

CVE-2023-31707

SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php. Root cause: input validation in Ant_Rponse.php missing, enabling arbitrary SQL execution. Impact: high confidentiality, integrity, and availability; CVSS 3.1 base score 9.8 (CRITICAL) with network access, no authentication, and no user...

9.8CVSS9.8AI score0.00752EPSS
CVE
CVE
added 2022/10/28 12:0 a.m.55 views

CVE-2021-38734

Summary (mode C): SEMCMS SHOP version 1.1 is affected by a SQL Injection in Ant_Menu.php. The vulnerability is documented with a high-impact CVSS (CRITICAL, BOOTSTRAP: NETWORK, no privileges needed, no user interaction) affecting confidentiality, integrity, and availability. The root cause is an ...

9.8CVSS9.8AI score0.00798EPSS
CVE
CVE
added 2024/04/18 12:0 a.m.55 views

CVE-2024-30938

The CVE-2024-30938 issue affects SEMCMS v4.8 and originates from a SQL injection in the SEMCMS_User.php component, allowing a remote attacker to obtain sensitive information via the ID parameter. The vulnerability is described across multiple sources as a SQLi in SEMCMS v4.8 with high impact (con...

9.8CVSS7.5AI score0.00756EPSS
CVE
CVE
added 2024/04/03 12:0 a.m.55 views

CVE-2024-31009

CVE-2024-31009 involves a SQL injection in SEMCMS v4.8, exploitable via the lgid parameter in Banner.php. The vulnerability could allow a remote attacker to obtain sensitive information. No exploitation details are provided in the documents; CVSS base score is 6.5 (MEDIUM). Remediation or workaro...

6.5CVSS7.3AI score0.0074EPSS
CVE
CVE
added 2022/10/28 12:0 a.m.54 views

CVE-2021-38736

The CVE-2021-38736 entry concerns SEMCMS Shop v1.1 with a SQL injection vulnerability in Ant_Global.php. The issue is documented as a high-severity (CVSS v3.1: 9.8, CRITICAL) vulnerability affecting confidentiality, integrity, and availability (C/H/I/A). Connected sources confirm the affected com...

9.8CVSS9.8AI score0.00798EPSS
CVE
CVE
added 2022/10/28 12:0 a.m.53 views

CVE-2021-38737

The CVE-2021-38737 entry concerns SEMCMS v1.1 with a SQL Injection flaw in Ant_Pro.php. The connected sources confirm the vulnerability is due to lack of validation of externally supplied SQL statements, enabling an attacker to execute arbitrary SQL and potentially exfiltrate data. No concrete re...

9.8CVSS9.8AI score0.00798EPSS
CVE
CVE
added 2024/09/20 12:0 a.m.52 views

CVE-2024-46103

SCENARIO: SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. CVSS v3.1: 9.8 (CRITICAL) with NETWORK attack vector, no user interaction; impact to confidentiality, integrity, and availability is HIGH. Confirmed by multiple sources (CNVD-2024-39254, NVD/NVD-adjacent entries, CNNVD, Red ...

9.8CVSS8.4AI score0.0051EPSS
CVE
CVE
added 2022/10/28 12:0 a.m.51 views

CVE-2021-38731

CVE-2021-38731 concerns SEMCMS SHOP v1.1, where Ant_Zekou.php is vulnerable to SQL injection due to input validation gaps. The weakness can allow an attacker to execute arbitrary SQL commands and potentially exfiltrate or manipulate database data. Documented impacts are high (health of data confi...

9.8CVSS9.8AI score0.0062EPSS
CVE
CVE
added 2025/01/08 11:0 p.m.51 views

CVE-2024-13193

CVE-2024-13193 affects SEMCMS up to v4.8, with a SQL injection in the SEMCMS_Images.php of the Image Library Management Page. The vulnerability is exploitable remotely and the exploit has been disclosed publicly; vendor response has been non-existent in the provided material. Connected sources co...

6.5CVSS6.7AI score0.00488EPSS
CVE
CVE
added 2018/10/28 3:0 a.m.50 views

CVE-2018-18742

CVE-2018-18742 concerns SEMCMS 3.4, where a cross-site request forgery (CSRF) vulnerability exists in the admin flow accessed via the URI admin/SEMCMS_User.php?Class=add&CF=user. The issue, described as CSRF, could enable unauthorized operations on behalf of an authenticated user. CVSS metrics fr...

8.8CVSS8.6AI score0.00523EPSS
CVE
CVE
added 2021/12/17 4:15 p.m.50 views

CVE-2020-18081

The CVE-2020-18081 entry concerns SEMCMS 3.8, where the checkuser function is vulnerable to an access-control/SQL query flaw that can disclose plaintext passwords. The vulnerability allows an attacker to obtain passwords via a crafted SQL query, with network access and no authentication required ...

7.5CVSS7.7AI score0.01135EPSS
CVE
CVE
added 2022/10/28 12:0 a.m.50 views

CVE-2021-38730

SemCMS SHOP v1.1 is affected by a SQL Injection vulnerability in Ant_Info.php (CVE-2021-38730). The issue allows unauthenticated attackers to inject SQL, with high impact to confidentiality, integrity, and availability (CVSS 3.1: CRITICAL, AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Several connected s...

9.8CVSS9.8AI score0.00798EPSS
CVE
CVE
added 2018/10/28 3:0 a.m.48 views

CVE-2018-18745

CVE-2018-18745 is an XSS vulnerability in SEMCMS 3.4 exploitable via the admin/SEMCMS_Menu.php?lgid=1 page during editing. Connected sources consistently confirm a cross-site scripting issue affecting SEMCMS 3.4; no vendor/version patch details are provided in the documents. The NVD entry lists b...

4.8CVSS4.9AI score0.00534EPSS
CVE
CVE
added 2022/10/28 12:0 a.m.48 views

CVE-2021-38728

CVE-2021-38728 affects SEMCMS SHOP v1.1, with a stored/reflected Cross-Site Scripting (XSS) vulnerability in Ant_M_Coup.php. The available sources indicate the issue resides in a web-exposed component, enabling an attacker to inject scripts that may be executed in a user’s browser, given network ...

6.1CVSS6AI score0.0044EPSS
CVE
CVE
added 2023/12/14 12:0 a.m.48 views

CVE-2023-50563

Semcms v4.8 contains a SQL injection vulnerability in SEMCMS_Function.php via the AID parameter. Affected component: SEMCMS_Function.php; vulnerable input AID leads to potential unauthorized data access or modification (high/critical impact per CVSS 3.1). No exploitation details are provided in t...

9.8CVSS9.7AI score0.00628EPSS
CVE
CVE
added 2018/10/29 5:0 a.m.47 views

CVE-2018-18783

CVE-2018-18783 affects SEMCMS V3.4. A reflected/DOM-like cross-site scripting vulnerability is exploitable through the semcms_remail.php?type=ok umail parameter, enabling injection of arbitrary scripts via this input. The vulnerability is documented with CVSS base scores (2.0/4.3 and 3.0/6.1) ind...

6.1CVSS5.9AI score0.00802EPSS
CVE
CVE
added 2023/07/31 12:0 a.m.47 views

CVE-2023-37647

Summary: CVE-2023-37647 affects SEMCMS v1.5, with a SQL injection vulnerability exploitable via the id parameter in the /Ant_Suxin.php endpoint. The issue is documented across multiple sources (including CNVD, NVD, Red Hat, and CVE lists) and has a high/critical impact rating (CVSS 3.1: AV:N/AC:L...

9.8CVSS9.7AI score0.00593EPSS
CVE
CVE
added 2024/06/04 12:49 p.m.47 views

CVE-2024-36800

CVE-2024-36800: A SQL injection vulnerability in SEMCMS v4.8 allows a remote attacker to disclose sensitive information via the ID parameter in Download.php. Root cause: improper handling of the ID parameter enables unauthorized database access. Impact is information disclosure; no exploitation d...

7.5CVSS7.6AI score0.007EPSS
CVE
CVE
added 2019/04/25 12:12 p.m.46 views

CVE-2019-11518

CVE-2019-11518 affects SEMCMS 3.8 with a SQL injection in SEMCMS_Inquiry.php due to incomplete protection in class.phpmailer.php inject_check_sql. The root cause is an incomplete safeguard allowing AID[] manipulation to inject SQL. CVSS metrics (NVD) list a v3 base score 7.2 (HIGH), network attac...

7.2CVSS7.4AI score0.01276EPSS
CVE
CVE
added 2021/12/17 4:13 p.m.46 views

CVE-2020-18078

CVE-2020-18078 affects SEMCMS v3.8 via a vulnerability in /include/web_check.php that allows resetting the Administrator password. Implementations in multiple feeds confirm the root cause as an access/verification issue within that script, leading to an account takeover risk for the admin account...

9.8CVSS9.3AI score0.01011EPSS
CVE
CVE
added 2022/10/28 12:0 a.m.46 views

CVE-2021-38732

CVE-2021-38732 affects SEMCMS SHOP v1.1, with a SQL injection in Ant_Message.php. The vulnerability is rated CVSS v3.1 9.8 (CRITICAL): Network attack vector, no authentication, low complexity, no user interaction required, and impacts confidentiality, integrity, and availability. Documentation co...

9.8CVSS9.5AI score0.00748EPSS
CVE
CVE
added 2018/12/10 9:0 a.m.45 views

CVE-2018-20017

CVE-2018-20017 affects SEMCMS 3.5. The vulnerability is a cross-site scripting (XSS) flaw exploitable via the first text box on the SEMCMS_Main.php URI. This is confirmed in multiple sources (NVD description and CNVD-2019-05836), which state attackers can use the vulnerability through that input ...

4.8CVSS4.9AI score0.00559EPSS
CVE
CVE
added 2023/12/04 12:0 a.m.45 views

CVE-2023-48863

CVE-2023-48863 affects SEMCMS 3.9. The vulnerability is an SQL Injection caused by insufficient input validation, allowing injected SQL to execute on the backend database. Exploitation status is not documented in the provided sources. Potential remediation noted in PT-2023-30991 suggests implemen...

7.5CVSS7.9AI score0.00858EPSS
CVE
CVE
added 2018/10/28 3:0 a.m.44 views

CVE-2018-18739

CVE-2018-18739 affects SEMCMS 3.4, with a cross-site scripting vulnerability in the admin/SEMCMS_Products.php?lgid=1 Keywords field. The issue is documented across multiple sources (NVD, CNVD, CVE lists). The connected documents confirm the vulnerable component is the Keywords input in SEMCMS 3.4...

4.8CVSS4.9AI score0.00534EPSS
CVE
CVE
added 2018/10/28 3:0 a.m.44 views

CVE-2018-18740

CVE-2018-18740 describes a cross-site scripting (XSS) vulnerability in SEMCMS 3.4. The issue occurs in the first input field when accessing the URI admin/SEMCMS_Link.php?lgid=1, allowing injection of arbitrary script/HTML. Connected sources (NVD/NVDC/CVE records and CNVD/PRION entries) consistent...

4.8CVSS4.9AI score0.00534EPSS
CVE
CVE
added 2018/10/28 3:0 a.m.43 views

CVE-2018-18741

CVE-2018-18741 describes a Cross-Site Scripting (XSS) vulnerability in SEMCMS 3.4, exploitable via the URI admin/SEMCMS_Download.php?lgid=1 during editing. The issue is documented across multiple sources (NVD, CNVD, CVE lists) with the impact characteristics: confidentiality impact LOW, integrity...

4.8CVSS4.9AI score0.00534EPSS
CVE
CVE
added 2018/10/30 6:0 a.m.41 views

CVE-2018-18840

CVE-2018-18840 is a cross-site scripting (XSS) vulnerability in SEMCMS PHP v3.4, triggered via the parameter tag_indexmetatit in SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag. Multiple connected sources corroborate the issue and identify the affected software as SEMCMS PHP v3.4. The vulnerability ...

5.4CVSS5.3AI score0.00556EPSS
CVE
CVE
added 2018/10/30 6:0 a.m.41 views

CVE-2018-18841

CVE-2018-18841 concerns an XSS vulnerability in SEMCMS PHP v3.4. The flaw stems from the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter, allowing script injection via that input. Affected software: SEMCMS PHP 3.4 (as described). The connected documents confirm the vulnerabili...

4.8CVSS4.9AI score0.00534EPSS
CVE
CVE
added 2018/10/28 3:0 a.m.40 views

CVE-2018-18743

CVE-2018-18743 affects SEMCMS 3.4 and is a Cross-Site Scripting (XSS) vulnerability exploitable via the second text field in the admin/SEMCMS_Categories.php?pid=1&lgid=1 URI. NVD metrics show CVSS v2 base score 3.5 (LOW) with NETWORK attack vector, MEDIUM complexity, and partial integrity impact;...

4.8CVSS4.9AI score0.00534EPSS
CVE
CVE
added 2018/10/28 3:0 a.m.40 views

CVE-2018-18744

CVE-2018-18744 describes a cross-site scripting (XSS) vulnerability in SEMCMS 3.4 . The issue is exploitable via the fifth text box in the path to the URI admin/SEMCMS_Main.php , enabling an attacker to inject arbitrary script/HTML. The provided data cites an XSS impact with low to medium severit...

4.8CVSS4.9AI score0.00534EPSS
CVE
CVE
added 2018/10/28 3:0 a.m.39 views

CVE-2018-18738

An XSS vulnerability (CVE-2018-18738) affects SEMCMS 3.4, exploitable via the admin/SEMCMS_Categories.php?pid=1&lgid=1&category_key parameter. The vulnerability is due to unsafely handled input in the category_key field, enabling injection of arbitrary web script/HTML. Reported impact metrics ind...

4.8CVSS4.9AI score0.00534EPSS
CVE
CVE
added 2025/07/14 12:0 a.m.22 views

CVE-2025-51653

CVE-2025-51653 affects SemCms v5.0, where a SQL injection is possible through the pid parameter in SEMCMS_ct.php. The issue, described across multiple feeds (NVD, Red Hat, CVE listing, and PT Security), has a CVSS v3.1 base score of 5.4 (Medium) with network attack vector, low attack complexity, ...

5.4CVSS8.5AI score0.00221EPSS
Total number of security vulnerabilities59