Vulnerabilities > SEM CMS

DATE CVE VULNERABILITY TITLE RISK
2024-01-10 CVE-2023-48864 SQL Injection vulnerability in Sem-Cms Semcms 4.8
SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php.
network
low complexity
sem-cms CWE-89
7.5
2023-12-14 CVE-2023-50563 SQL Injection vulnerability in Sem-Cms Semcms 4.8
Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.
network
low complexity
sem-cms CWE-89
critical
9.8
2023-12-04 CVE-2023-48863 SQL Injection vulnerability in Sem-Cms Semcms 3.9
SEMCMS 3.9 is vulnerable to SQL Injection.
network
low complexity
sem-cms CWE-89
7.5
2023-08-05 CVE-2020-23564 Unrestricted Upload of File with Dangerous Type vulnerability in Sem-Cms Semcms 3.9
File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php.
network
low complexity
sem-cms CWE-434
7.2
2023-07-31 CVE-2023-37647 SQL Injection vulnerability in Sem-Cms Semcms 1.5
SEMCMS v1.5 was discovered to contain a SQL injection vulnerability via the id parameter at /Ant_Suxin.php.
network
low complexity
sem-cms CWE-89
critical
9.8
2023-06-30 CVE-2020-18432 Unrestricted Upload of File with Dangerous Type vulnerability in Sem-Cms Semcms 3.7
File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges.
network
low complexity
sem-cms CWE-434
critical
9.8
2023-05-19 CVE-2023-31707 SQL Injection vulnerability in Sem-Cms Semcms 1.5
SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php.
network
low complexity
sem-cms CWE-89
critical
9.8
2023-05-05 CVE-2023-30090 Unrestricted Upload of File with Dangerous Type vulnerability in Sem-Cms Semcms 4.2
Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php.
network
low complexity
sem-cms CWE-434
critical
9.8
2022-10-28 CVE-2021-38217 SQL Injection vulnerability in Sem-Cms Semcms 1.2
SEMCMS v 1.2 is vulnerable to SQL Injection via SEMCMS_User.php.
network
low complexity
sem-cms CWE-89
critical
9.8
2022-10-28 CVE-2021-38728 Cross-site Scripting vulnerability in Sem-Cms Semcms 1.1
SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) via Ant_M_Coup.php.
network
low complexity
sem-cms CWE-79
6.1