SQL Injection Vulnerability in SEMCMS 5.0 by SEMCMS
CVE-2026-1552
Key Information:
Badges
What is CVE-2026-1552?
A SQL injection vulnerability exists in SEMCMS 5.0, specifically within the /SEMCMS_Info.php file. This flaw allows remote attackers to manipulate the 'searchml' parameter, potentially gaining unauthorized access to sensitive database contents. Publicly disclosed exploits present a significant risk as attackers may leverage this vulnerability to execute arbitrary SQL commands. Immediate action is advised as the vendor did not respond to initial warnings regarding this security flaw.
Affected Version(s)
SEMCMS 5.0
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V4
Timeline
- 🟡
Public PoC available
- 👾
Exploit known to exist
Vulnerability published
Vulnerability Reserved
