Semcms@4.8 Security Vulnerabilities and Issues — Semcms@4.8 CVE List

Lucene search

Sem-cmsSemcms4.8

13 matches found

CVE•added 2024/02/28 11:15 p.m.•7786 views

CVE-2024-25422

SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component.

9.8CVSS8.2AI score0.01454EPSS

CVE•added 2024/06/04 1:15 p.m.•64 views

CVE-2024-36801

A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the lgid parameter in Download.php.

5.9CVSS7.6AI score0.00258EPSS

CVE•added 2024/03/29 3:15 p.m.•57 views

CVE-2024-28405

SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges.

7.2CVSS7.3AI score0.0019EPSS

CVE•added 2024/04/03 4:15 a.m.•55 views

CVE-2024-31010

SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php.

7.5CVSS7.3AI score0.00108EPSS

CVE•added 2024/04/03 4:15 a.m.•54 views

CVE-2024-31012

An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file.

9.8CVSS7.5AI score0.03885EPSS

CVE•added 2024/11/20 5:15 p.m.•53 views

CVE-2024-52725

SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in the SEMCMS_SeoAndTag.php component.

4.9CVSS8.8AI score0.00236EPSS

CVE•added 2024/12/03 10:15 p.m.•48 views

CVE-2024-53502

Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page.

3.8CVSS8.4AI score0.00067EPSS

CVE•added 2024/04/03 4:15 a.m.•46 views

CVE-2024-31009

SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via lgid parameter in Banner.php.

6.5CVSS7.3AI score0.001EPSS

CVE•added 2024/04/19 4:15 p.m.•46 views

CVE-2024-32409

An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script.

7.1CVSS7.8AI score0.02113EPSS

CVE•added 2024/04/19 12:15 a.m.•45 views

CVE-2024-30938

SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component.

9.8CVSS7.5AI score0.00589EPSS

CVE•added 2024/01/10 8:15 a.m.•42 views

CVE-2023-48864

SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php.

7.5CVSS7.7AI score0.00117EPSS

CVE•added 2024/06/04 1:15 p.m.•35 views

CVE-2024-36800

A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php.

7.5CVSS7.6AI score0.00076EPSS

CVE•added 2024/09/20 9:15 p.m.•35 views

CVE-2024-46103

SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php.

9.8CVSS8.4AI score0.00143EPSS