VYPR

Vendor CVEs

Sem CMS

All CVEs

53 total · sorted by risk
  • CVE-2026-39169HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    SEMCMS 5.0 is vulnerable to unauthorized access in SEMCMS_copy.php.

  • CVE-2026-39170MedJun 9, 2026
    risk 0.41cvss 6.3epss 0.00

    SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms_user.php.

  • CVE-2026-1552MedJan 29, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed…

  • CVE-2025-51656Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php.

  • CVE-2025-51660Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php.

  • CVE-2025-51653Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php.

  • CVE-2025-51658Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php.

  • CVE-2025-51655Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php.

  • CVE-2025-51654Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php.

  • CVE-2025-51659Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php.

  • CVE-2025-51657Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php.

  • CVE-2025-51652Jul 14, 2025
    risk 0.00cvss epss 0.00

    SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php.

  • CVE-2025-25686Mar 27, 2025
    risk 0.00cvss epss 0.00

    semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php.

  • CVE-2024-13193Jan 8, 2025
    risk 0.00cvss epss 0.00

    A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file SEMCMS_Images.php of the component Image Library Management Page. The manipulation leads to sql injection. The attack can be…

  • CVE-2024-52725Nov 20, 2024
    risk 0.00cvss epss 0.01

    SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in the SEMCMS_SeoAndTag.php component.

  • CVE-2024-46103Sep 20, 2024
    risk 0.00cvss epss 0.01

    SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php.

  • CVE-2024-36800Jun 4, 2024
    risk 0.00cvss epss 0.01

    A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php.

  • CVE-2024-36801Jun 4, 2024
    risk 0.00cvss epss 0.00

    A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the lgid parameter in Download.php.

  • CVE-2024-4595May 7, 2024
    risk 0.00cvss epss 0.01

    A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is the function locate of the file function.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the…

  • CVE-2024-32409Apr 19, 2024
    risk 0.00cvss epss 0.01

    An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script.

  • CVE-2024-30938Apr 18, 2024
    risk 0.00cvss epss 0.01

    SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component.

  • CVE-2024-31012Apr 3, 2024
    risk 0.00cvss epss 0.01

    An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file.

  • CVE-2024-31010Apr 3, 2024
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php.

  • CVE-2024-31009Apr 3, 2024
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via lgid parameter in Banner.php.

  • CVE-2024-28405Mar 29, 2024
    risk 0.00cvss epss 0.01

    SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges.

  • CVE-2024-25422Feb 28, 2024
    risk 0.00cvss epss 0.01

    SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component.

  • CVE-2023-48864Jan 10, 2024
    risk 0.00cvss epss 0.01

    SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php.

  • CVE-2023-50563Dec 14, 2023
    risk 0.00cvss epss 0.01

    Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.

  • CVE-2023-48863Dec 4, 2023
    risk 0.00cvss epss 0.01

    SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands…

  • CVE-2020-23564Aug 5, 2023
    risk 0.00cvss epss 0.01

    File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php.

  • CVE-2020-18432Jun 30, 2023
    risk 0.00cvss epss 0.01

    File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges.

  • CVE-2023-31707May 19, 2023
    risk 0.00cvss epss 0.01

    SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.

  • CVE-2021-38737Oct 28, 2022
    risk 0.00cvss epss 0.01

    SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php.

  • CVE-2021-38730Oct 28, 2022
    risk 0.00cvss epss 0.01

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.

  • CVE-2021-38729Oct 28, 2022
    risk 0.00cvss epss 0.01

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.

  • CVE-2021-38731Oct 28, 2022
    risk 0.00cvss epss 0.01

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.

  • CVE-2021-38734Oct 28, 2022
    risk 0.00cvss epss 0.01

    SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.

  • CVE-2021-38217Oct 28, 2022
    risk 0.00cvss epss 0.01

    SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php.

  • CVE-2022-2726Aug 9, 2022
    risk 0.00cvss epss 0.01

    A vulnerability classified as critical has been found in SEMCMS. This affects an unknown part of the file Ant_Check.php. The manipulation of the argument DID leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and…

  • CVE-2020-18081Dec 17, 2021
    risk 0.00cvss epss 0.01

    The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query.

  • CVE-2020-18078Dec 17, 2021
    risk 0.00cvss epss 0.01

    A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account's password.

  • CVE-2019-11518Apr 25, 2019
    risk 0.00cvss epss 0.01

    An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] SQL Injection because the class.phpmailer.php inject_check_sql protection mechanism is incomplete.

  • CVE-2018-20017Dec 10, 2018
    risk 0.00cvss epss 0.01

    SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI.

  • CVE-2018-18841Oct 30, 2018
    risk 0.00cvss epss 0.01

    XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexkey parameter.

  • CVE-2018-18840Oct 30, 2018
    risk 0.00cvss epss 0.01

    XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter.

  • CVE-2018-18783Oct 29, 2018
    risk 0.00cvss epss 0.01

    XSS was discovered in SEMCMS V3.4 via the semcms_remail.php?type=ok umail parameter.

  • CVE-2018-18742Oct 28, 2018
    risk 0.00cvss epss 0.01

    A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI.

  • CVE-2018-18744Oct 28, 2018
    risk 0.00cvss epss 0.01

    An XSS issue was discovered in SEMCMS 3.4 via the fifth text box to the admin/SEMCMS_Main.php URI.

  • CVE-2018-18741Oct 28, 2018
    risk 0.00cvss epss 0.01

    An XSS issue was discovered in SEMCMS 3.4 via admin/SEMCMS_Download.php?lgid=1 during editing.

  • CVE-2018-18739Oct 28, 2018
    risk 0.00cvss epss 0.01

    An XSS issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_Products.php?lgid=1 Keywords field.

Page 1 of 2