SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-04-03
An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file.
CVSS Score
9.8
EPSS Score
0.039
Published
2024-04-03
SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges.
CVSS Score
7.2
EPSS Score
0.002
Published
2024-03-29
SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component.
CVSS Score
9.8
EPSS Score
0.015
Published
2024-02-28
SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php.
CVSS Score
7.5
EPSS Score
0.001
Published
2024-01-10
Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2023-12-14
Page 3