Sem-Cms Semcms vulnerabilities
58 known vulnerabilities affecting sem-cms/semcms.
Total CVEs: 58
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 21, HIGH 10, MEDIUM 26, LOW 1
Vulnerabilities
Page 2 of 3
CVE-2021-38733 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.1 | 2022-10-28
SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via Ant_BlogCat.php.
nvd
CVE-2024-31010 | P3 | HIGH | CVSS 7.5 | CWE-89 | v4.8 | 2024-04-03
SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php.
nvd
CVE-2024-36800 | P3 | HIGH | CVSS 7.5 | CWE-89 | v4.8 | 2024-06-04
A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php.
nvd
CVE-2023-48864 | P3 | HIGH | CVSS 7.5 | CWE-89 | v4.8 | 2024-01-10
SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php.
nvd
CVE-2021-38732 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.1 | 2022-10-28
SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php.
nvd
CVE-2024-28405 | P3 | HIGH | CVSS 7.2 | CWE-284 | v4.8 | 2024-03-29
SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges.
nvd
CVE-2020-18081 | P3 | HIGH | CVSS 7.5 | CWE-89 | v3.8 | 2021-12-17
The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query.
nvd
CVE-2023-37647 | P3 | CRITICAL | CVSS 9.8 | CWE-89 | v1.5 | 2023-07-31
SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php.
nvd
CVE-2024-4595 | P3 | MEDIUM | CVSS 6.5 | CWE-89 | ≤ 4.8 | v4.0 +8 more | 2024-05-07
A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is the function locate of the file function.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263317 was assigned to this vulnerab
nvd
CVE-2024-31009 | P3 | MEDIUM | CVSS 6.5 | CWE-89 | v4.8 | 2024-04-03
SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via lgid parameter in Banner.php.
nvd
CVE-2019-11518 | P3 | HIGH | CVSS 7.2 | CWE-89 | v3.8 | 2019-04-25
An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] SQL Injection because the class.phpmailer.php inject_check_sql protection mechanism is incomplete.
nvd
CVE-2018-18742 | P4 | HIGH | CVSS 8.8 | CWE-352 | v3.4 | 2018-10-29
A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI.
nvd
CVE-2024-32409 | P3 | HIGH | CVSS 7.1 | CWE-79 | v4.8 | 2024-04-19
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script.
nvd
CVE-2025-51656 | P4 | MEDIUM | CVSS 5.4 | CWE-89 | ≤ 5.0 | 2025-07-14
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php.
nvd
CVE-2025-51660 | P4 | MEDIUM | CVSS 5.4 | CWE-89 | ≤ 5.0 | 2025-07-14
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php.
nvd
CVE-2025-51659 | P4 | MEDIUM | CVSS 5.4 | CWE-89 | ≤ 5.0 | 2025-07-14
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php.
nvd
CVE-2025-51658 | P4 | MEDIUM | CVSS 5.4 | CWE-89 | ≤ 5.0 | 2025-07-14
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php.
nvd
CVE-2025-51655 | P4 | MEDIUM | CVSS 5.4 | CWE-89 | ≤ 5.0 | 2025-07-14
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php.
nvd
CVE-2025-51653 | P4 | MEDIUM | CVSS 5.4 | CWE-89 | ≤ 5.0 | 2025-07-14
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php.
nvd
CVE-2025-51654 | P4 | MEDIUM | CVSS 5.4 | CWE-89 | ≤ 5.0 | 2025-07-14
SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php.
nvd