VYPR

Semcms

by Sem CMS

CVEs (53)

  • CVE-2024-30938Apr 18, 2024
    risk 0.00cvss epss 0.01

    SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component.

  • CVE-2024-31012Apr 3, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file.

  • CVE-2024-31010Apr 3, 2024
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php.

  • CVE-2024-31009Apr 3, 2024
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via lgid parameter in Banner.php.

  • CVE-2024-28405Mar 29, 2024
    risk 0.00cvss epss 0.01

    SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges.

  • CVE-2024-25422Feb 28, 2024
    risk 0.00cvss epss 0.01

    SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component.

  • CVE-2023-48864Jan 10, 2024
    risk 0.00cvss epss 0.01

    SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php.

  • CVE-2023-50563Dec 14, 2023
    risk 0.00cvss epss 0.01

    Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.

  • CVE-2023-48863Dec 4, 2023
    risk 0.00cvss epss 0.01

    SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands…

  • CVE-2020-23564Aug 5, 2023
    risk 0.00cvss epss 0.01

    File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php.

  • CVE-2020-18432Jun 30, 2023
    risk 0.00cvss epss 0.01

    File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges.

  • CVE-2023-31707May 19, 2023
    risk 0.00cvss epss 0.01

    SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.

  • CVE-2021-38737Oct 28, 2022
    risk 0.00cvss epss 0.01

    SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php.

  • CVE-2021-38730Oct 28, 2022
    risk 0.00cvss epss 0.01

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.

  • CVE-2021-38729Oct 28, 2022
    risk 0.00cvss epss 0.01

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.

  • CVE-2021-38731Oct 28, 2022
    risk 0.00cvss epss 0.01

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.

  • CVE-2021-38734Oct 28, 2022
    risk 0.00cvss epss 0.01

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.

  • CVE-2021-38217Oct 28, 2022
    risk 0.00cvss epss 0.01

    SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php.

  • CVE-2022-2726Aug 9, 2022
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in SEMCMS. This affects an unknown part of the file Ant_Check.php. The manipulation of the argument DID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and…

  • CVE-2020-18081Dec 17, 2021
    risk 0.00cvss epss 0.01

    The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query.