Sem-Cms Semcms vulnerabilities
58 known vulnerabilities affecting sem-cms/semcms.
Total CVEs
58
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL21HIGH10MEDIUM26LOW1
Vulnerabilities
Page 1 of 3
CVE-2026-1552P2CRITICALCVSS 9.8v5.02026-01-29
CVE-2026-1552 [CRITICAL] CWE-74 CVE-2026-1552: A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of
A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosu
nvd
CVE-2020-18432P3CRITICALCVSS 9.8v3.72023-06-30
CVE-2020-18432 [CRITICAL] CWE-434 CVE-2020-18432: File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and ga
File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges.
nvd
CVE-2024-31012P3CRITICALCVSS 9.8v4.82024-04-03
CVE-2024-31012 [CRITICAL] CWE-434 CVE-2024-31012: An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate
An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive information via the upload.php file.
nvd
CVE-2024-25422P3CRITICALCVSS 9.8v4.82024-02-28
CVE-2024-25422 [CRITICAL] CWE-89 CVE-2024-25422: SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and o
SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the SEMCMS_Menu.php component.
nvd
CVE-2023-30090P3CRITICALCVSS 9.8v4.22023-05-05
CVE-2023-30090 [CRITICAL] CWE-434 CVE-2023-30090: Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component
Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability allows attackers to execute arbitrary code via uploading a crafted PHP file.
nvd
CVE-2023-50563P3CRITICALCVSS 9.8v4.82023-12-14
CVE-2023-50563 [CRITICAL] CWE-89 CVE-2023-50563: Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_
Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.
nvd
CVE-2020-18078P3CRITICALCVSS 9.8v3.82021-12-17
CVE-2020-18078 [CRITICAL] CVE-2020-18078: A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator
A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account's password.
nvd
CVE-2025-25686P3CRITICALCVSS 9.8≤ 5.02025-03-27
CVE-2025-25686 [CRITICAL] CWE-89 CVE-2025-25686: semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php.
semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php.
nvd
CVE-2023-48863P3HIGHCVSS 7.5v3.92023-12-04
CVE-2023-48863 [HIGH] CWE-89 CVE-2023-48863: SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the ap
SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands or query statements to the interpreter. These malicious data can deceive the
nvd
CVE-2024-46103P3CRITICALCVSS 9.8v4.82024-09-20
CVE-2024-46103 [CRITICAL] CWE-94 CVE-2024-46103: SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php.
SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php.
nvd
CVE-2020-23564P3HIGHCVSS 7.2v3.92023-08-05
CVE-2020-23564 [HIGH] CWE-434 CVE-2020-23564: File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upf
File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php.
nvd
CVE-2021-38729P3CRITICALCVSS 9.8v1.12022-10-28
CVE-2021-38729 [CRITICAL] CWE-89 CVE-2021-38729: SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Plist.php.
nvd
CVE-2021-38730P3CRITICALCVSS 9.8v1.12022-10-28
CVE-2021-38730 [CRITICAL] CWE-89 CVE-2021-38730: SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Info.php.
nvd
CVE-2021-38737P3CRITICALCVSS 9.8v1.12022-10-28
CVE-2021-38737 [CRITICAL] CWE-89 CVE-2021-38737: SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php.
SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php.
nvd
CVE-2021-38734P3CRITICALCVSS 9.8v1.12022-10-28
CVE-2021-38734 [CRITICAL] CWE-89 CVE-2021-38734: SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Menu.php.
nvd
CVE-2021-38736P3CRITICALCVSS 9.8v1.12022-10-28
CVE-2021-38736 [CRITICAL] CWE-89 CVE-2021-38736: SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php.
SEMCMS Shop V 1.1 is vulnerable to SQL Injection via Ant_Global.php.
nvd
CVE-2024-30938P3CRITICALCVSS 9.8v4.82024-04-19
CVE-2024-30938 [CRITICAL] CWE-89 CVE-2024-30938: SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information
SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component.
nvd
CVE-2023-31707P3CRITICALCVSS 9.8v1.52023-05-19
CVE-2023-31707 [CRITICAL] CWE-89 CVE-2023-31707: SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.
SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.
nvd
CVE-2021-38217P3CRITICALCVSS 9.8v1.22022-10-28
CVE-2021-38217 [CRITICAL] CWE-89 CVE-2021-38217: SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php.
SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php.
nvd
CVE-2021-38731P3CRITICALCVSS 9.8v1.12022-10-28
CVE-2021-38731 [CRITICAL] CWE-89 CVE-2021-38731: SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_Zekou.php.
nvd
1 / 3Next →