Vendor CVEs
Sem CMS
All CVEs
53 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-39169 | | Hig | 0.49 | 7.5 | 0.00 | | Jun 9, 2026 | SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php. |
| CVE-2026-39170 | | Med | 0.41 | 6.3 | 0.00 | | Jun 9, 2026 | SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms_user.php. |
| CVE-2026-1552 | | Med | 0.41 | 6.3 | 0.00 | | Jan 29, 2026 | A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed… |
| CVE-2025-51656 | | | 0.00 | — | 0.00 | | Jul 14, 2025 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php. |
| CVE-2025-51660 | | | 0.00 | — | 0.00 | | Jul 14, 2025 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php. |
| CVE-2025-51653 | | | 0.00 | — | 0.00 | | Jul 14, 2025 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php. |
| CVE-2025-51658 | | | 0.00 | — | 0.00 | | Jul 14, 2025 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php. |
| CVE-2025-51655 | | | 0.00 | — | 0.00 | | Jul 14, 2025 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php. |
| CVE-2025-51654 | | | 0.00 | — | 0.00 | | Jul 14, 2025 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php. |
| CVE-2025-51659 | | | 0.00 | — | 0.00 | | Jul 14, 2025 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php. |
| CVE-2025-51657 | | | 0.00 | — | 0.00 | | Jul 14, 2025 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php. |
| CVE-2025-51652 | | | 0.00 | — | 0.00 | | Jul 14, 2025 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php. |
| CVE-2025-25686 | | | 0.00 | — | 0.00 | | Mar 27, 2025 | semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php. |
| CVE-2024-13193 | | | 0.00 | — | 0.00 | | Jan 8, 2025 | A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file SEMCMS_Images.php of the component Image Library Management Page. The manipulation leads to sql injection. The attack can be… |
| CVE-2024-52725 | | | 0.00 | — | 0.01 | | Nov 20, 2024 | SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in the SEMCMS_SeoAndTag.php component. |
| CVE-2024-46103 | | | 0.00 | — | 0.01 | | Sep 20, 2024 | SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. |
| CVE-2024-36800 | | | 0.00 | — | 0.01 | | Jun 4, 2024 | A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php. |
| CVE-2024-36801 | | | 0.00 | — | 0.00 | | Jun 4, 2024 | A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the lgid parameter in Download.php. |
| CVE-2024-4595 | | | 0.00 | — | 0.01 | | May 7, 2024 | A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is the function locate of the file function.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the… |
| CVE-2024-32409 | | | 0.00 | — | 0.01 | | Apr 19, 2024 | An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script. |
| CVE-2024-30938 | | | 0.00 | — | 0.01 | | Apr 18, 2024 | SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component. |
| CVE-2024-31012 | | | 0.00 | — | 0.01 | | Apr 3, 2024 | An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file. |
| CVE-2024-31010 | | | 0.00 | — | 0.01 | | Apr 3, 2024 | SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php. |
| CVE-2024-31009 | | | 0.00 | — | 0.01 | | Apr 3, 2024 | SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via lgid parameter in Banner.php. |
| CVE-2024-28405 | | | 0.00 | — | 0.01 | | Mar 29, 2024 | SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges. |
| CVE-2024-25422 | | | 0.00 | — | 0.01 | | Feb 28, 2024 | SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component. |
| CVE-2023-48864 | | | 0.00 | — | 0.01 | | Jan 10, 2024 | SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php. |
| CVE-2023-50563 | | | 0.00 | — | 0.01 | | Dec 14, 2023 | Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php. |
| CVE-2023-48863 | | | 0.00 | — | 0.01 | | Dec 4, 2023 | SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands… |
| CVE-2020-23564 | | | 0.00 | — | 0.01 | | Aug 5, 2023 | File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php. |
| CVE-2020-18432 | | | 0.00 | — | 0.01 | | Jun 30, 2023 | File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges. |
| CVE-2023-31707 | | | 0.00 | — | 0.01 | | May 19, 2023 | SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php. |
| CVE-2021-38737 | | | 0.00 | — | 0.01 | | Oct 28, 2022 | SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php. |
| CVE-2021-38730 | | | 0.00 | — | 0.01 | | Oct 28, 2022 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php. |
| CVE-2021-38729 | | | 0.00 | — | 0.01 | | Oct 28, 2022 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php. |
| CVE-2021-38731 | | | 0.00 | — | 0.01 | | Oct 28, 2022 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php. |
| CVE-2021-38734 | | | 0.00 | — | 0.01 | | Oct 28, 2022 | SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php. |
| CVE-2021-38217 | | | 0.00 | — | 0.01 | | Oct 28, 2022 | SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php. |
| CVE-2022-2726 | | | 0.00 | — | 0.01 | | Aug 9, 2022 | A vulnerability classified as critical has been found in SEMCMS. This affects an unknown part of the file Ant_Check.php. The manipulation of the argument DID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and… |
| CVE-2020-18081 | | | 0.00 | — | 0.01 | | Dec 17, 2021 | The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query. |
| CVE-2020-18078 | | | 0.00 | — | 0.01 | | Dec 17, 2021 | A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account's password. |
| CVE-2019-11518 | | | 0.00 | — | 0.01 | | Apr 25, 2019 | An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] SQL Injection because the class.phpmailer.php inject_check_sql protection mechanism is incomplete. |
| CVE-2018-20017 | | | 0.00 | — | 0.01 | | Dec 10, 2018 | SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI. |
| CVE-2018-18841 | | | 0.00 | — | 0.01 | | Oct 30, 2018 | XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter. |
| CVE-2018-18840 | | | 0.00 | — | 0.01 | | Oct 30, 2018 | XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter. |
| CVE-2018-18783 | | | 0.00 | — | 0.01 | | Oct 29, 2018 | XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter. |
| CVE-2018-18742 | | | 0.00 | — | 0.01 | | Oct 28, 2018 | A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI. |
| CVE-2018-18744 | | | 0.00 | — | 0.01 | | Oct 28, 2018 | An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to the admin/SEMCMS_Main.php URI. |
| CVE-2018-18741 | | | 0.00 | — | 0.01 | | Oct 28, 2018 | An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.php?lgid=1 during editing. |
| CVE-2018-18739 | | | 0.00 | — | 0.01 | | Oct 28, 2018 | An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Products.php?lgid=1 Keywords field. |
Page 1 of 2