Semcms
by Sem CMS
CVEs (53)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-30938 | 0.00 | — | 0.01 | Apr 18, 2024 | SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component. | |||
| CVE-2024-31012 | 0.00 | — | 0.01 | Apr 3, 2024 | An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file. | |||
| CVE-2024-31010 | 0.00 | — | 0.01 | Apr 3, 2024 | SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php. | |||
| CVE-2024-31009 | 0.00 | — | 0.01 | Apr 3, 2024 | SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via lgid parameter in Banner.php. | |||
| CVE-2024-28405 | 0.00 | — | 0.01 | Mar 29, 2024 | SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges. | |||
| CVE-2024-25422 | 0.00 | — | 0.01 | Feb 28, 2024 | SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component. | |||
| CVE-2023-48864 | 0.00 | — | 0.01 | Jan 10, 2024 | SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php. | |||
| CVE-2023-50563 | 0.00 | — | 0.01 | Dec 14, 2023 | Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php. | |||
| CVE-2023-48863 | 0.00 | — | 0.01 | Dec 4, 2023 | SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands… | |||
| CVE-2020-23564 | 0.00 | — | 0.01 | Aug 5, 2023 | File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php. | |||
| CVE-2020-18432 | 0.00 | — | 0.01 | Jun 30, 2023 | File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges. | |||
| CVE-2023-31707 | 0.00 | — | 0.01 | May 19, 2023 | SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php. | |||
| CVE-2021-38737 | 0.00 | — | 0.01 | Oct 28, 2022 | SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php. | |||
| CVE-2021-38730 | 0.00 | — | 0.01 | Oct 28, 2022 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php. | |||
| CVE-2021-38729 | 0.00 | — | 0.01 | Oct 28, 2022 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php. | |||
| CVE-2021-38731 | 0.00 | — | 0.01 | Oct 28, 2022 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php. | |||
| CVE-2021-38734 | 0.00 | — | 0.01 | Oct 28, 2022 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php. | |||
| CVE-2021-38217 | 0.00 | — | 0.01 | Oct 28, 2022 | SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php. | |||
| CVE-2022-2726 | 0.00 | — | 0.01 | Aug 9, 2022 | A vulnerability classified as critical has been found in SEMCMS. This affects an unknown part of the file Ant_Check.php. The manipulation of the argument DID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and… | |||
| CVE-2020-18081 | 0.00 | — | 0.01 | Dec 17, 2021 | The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query. |
- CVE-2024-30938Apr 18, 2024risk 0.00cvss —epss 0.01
SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component.
- CVE-2024-31012Apr 3, 2024risk 0.00cvss —epss 0.01
An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file.
- CVE-2024-31010Apr 3, 2024risk 0.00cvss —epss 0.01
SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php.
- CVE-2024-31009Apr 3, 2024risk 0.00cvss —epss 0.01
SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via lgid parameter in Banner.php.
- CVE-2024-28405Mar 29, 2024risk 0.00cvss —epss 0.01
SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges.
- CVE-2024-25422Feb 28, 2024risk 0.00cvss —epss 0.01
SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component.
- CVE-2023-48864Jan 10, 2024risk 0.00cvss —epss 0.01
SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php.
- CVE-2023-50563Dec 14, 2023risk 0.00cvss —epss 0.01
Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.
- CVE-2023-48863Dec 4, 2023risk 0.00cvss —epss 0.01
SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands…
- CVE-2020-23564Aug 5, 2023risk 0.00cvss —epss 0.01
File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php.
- CVE-2020-18432Jun 30, 2023risk 0.00cvss —epss 0.01
File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges.
- CVE-2023-31707May 19, 2023risk 0.00cvss —epss 0.01
SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.
- CVE-2021-38737Oct 28, 2022risk 0.00cvss —epss 0.01
SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php.
- CVE-2021-38730Oct 28, 2022risk 0.00cvss —epss 0.01
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.
- CVE-2021-38729Oct 28, 2022risk 0.00cvss —epss 0.01
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.
- CVE-2021-38731Oct 28, 2022risk 0.00cvss —epss 0.01
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.
- CVE-2021-38734Oct 28, 2022risk 0.00cvss —epss 0.01
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.
- CVE-2021-38217Oct 28, 2022risk 0.00cvss —epss 0.01
SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php.
- CVE-2022-2726Aug 9, 2022risk 0.00cvss —epss 0.01
A vulnerability classified as critical has been found in SEMCMS. This affects an unknown part of the file Ant_Check.php. The manipulation of the argument DID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and…
- CVE-2020-18081Dec 17, 2021risk 0.00cvss —epss 0.01
The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query.
Page 2 of 3