VYPR
Vendor

Sem CMS

Products
1
CVEs
53
Across products
53
Status
Private

Products

1

Recent CVEs

53
View all 53 CVEs →
  • CVE-2026-39169HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php.

  • CVE-2026-39170MedJun 9, 2026
    risk 0.41cvss 6.3epss 0.00

    SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms_user.php.

  • CVE-2026-1552MedJan 29, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed…

  • CVE-2025-51657Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php.

  • CVE-2025-51659Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php.

  • CVE-2025-51652Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php.

  • CVE-2025-51653Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php.

  • CVE-2025-51658Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php.

  • CVE-2025-51654Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php.

  • CVE-2025-51656Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php.

  • CVE-2025-51655Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php.

  • CVE-2025-51660Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php.

  • CVE-2025-25686Mar 27, 2025
    risk 0.00cvss epss 0.00

    semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php.

  • CVE-2024-13193Jan 8, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file SEMCMS_Images.php of the component Image Library Management Page. The manipulation leads to sql injection. The attack can be…

  • CVE-2024-52725Nov 20, 2024
    risk 0.00cvss epss 0.01

    SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in the SEMCMS_SeoAndTag.php component.

  • CVE-2024-46103Sep 20, 2024
    risk 0.00cvss epss 0.01

    SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php.

  • CVE-2024-36800Jun 4, 2024
    risk 0.00cvss epss 0.01

    A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php.

  • CVE-2024-36801Jun 4, 2024
    risk 0.00cvss epss 0.00

    A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the lgid parameter in Download.php.

  • CVE-2024-4595May 7, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is the function locate of the file function.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the…

  • CVE-2024-32409Apr 19, 2024
    risk 0.00cvss epss 0.01

    An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script.