Remote SQL Injection Vulnerability in SEMCMS v.4.8 Allows Attacker to Obtain Sensitive Information via ID Parameter
CVE-2024-30938

Currently unrated

Key Information:

Vendor: SEMCMS
Status: Semcms
Vendor: CVE Published:; 19 April 2024

What is CVE-2024-30938?

SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component.

References

https://github.com/lampSEC/semcms/blob/main/semcms.md

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 19, 2024