SQL Injection Vulnerability in SEMCMS Product
CVE-2024-25422

9.8CRITICAL

Key Information:

Vendor: SEMCMS
Status: Semcms
Vendor: CVE Published:; 28 February 2024

What is CVE-2024-25422?

A significant SQL Injection vulnerability exists in SEMCMS version 4.8, which may allow unauthorized remote attackers to execute arbitrary code and gain access to sensitive information. The vulnerability is tied to the SEMCMS_Menu.php component, where inadequate input validation can lead to the execution of malicious SQL queries. This can ultimately compromise the integrity and confidentiality of the data handled by the application. It is essential for users and administrators of SEMCMS to implement security best practices and apply necessary patches to mitigate potential risks associated with this vulnerability.

References

https://github.com/tzyyyyyyy/semcms

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 28, 2024