CVE-2023-30090 — CVSS 9.8 (critical): Semcms Shop v4.2 was discovered to contain an arbitrary file uplaod vulnerability via the component SEMCMS_Upfile.php. This vulnerability…
CVE-2024-31012 — CVSS 9.8 (critical): An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obtain sensitive…
CVE-2024-30938 — CVSS 9.8 (critical): SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the…
CVE-2024-25422 — CVSS 9.8 (critical): SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive information via the…
CVE-2020-18078 — CVSS 9.8 (critical): A vulnerability in /include/web_check.php of SEMCMS v3.8 allows attackers to reset the Administrator account's password.
CVE-2020-18432 — CVSS 9.8 (critical): File Upload vulnerability in SEMCMS PHP 3.7 allows remote attackers to upload arbitrary files and gain escalated privileges.
CVE-2023-50563 — CVSS 9.8 (critical): Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php.
CVE-2018-18742 — CVSS 8.8 (high): A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI.
CVE-2024-36800 — CVSS 7.5 (high): A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in…
CVE-2023-48864 — CVSS 7.5 (high): SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php.
CVE-2024-31010 — CVSS 7.5 (high): SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Banner.php.
CVE-2020-18081 — CVSS 7.5 (high): The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext…
CVE-2023-48863 — CVSS 7.5 (high): SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the…
CVE-2024-28405 — CVSS 7.2 (high): SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in…
CVE-2019-11518 — CVSS 7.2 (high): An issue was discovered in SEMCMS 3.8. SEMCMS_Inquiry.php allows AID[] SQL Injection because the class.phpmailer.php inject_check_sql…
CVE-2020-23564 — CVSS 7.2 (high): File Upload vulnerability in SEMCMS 3.9 allows remote attackers to run arbitrary code via SEMCMS_Upfile.php.
CVE-2024-32409 — CVSS 7.1 (high): An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script.
CVE-2024-31009 — CVSS 6.5 (medium): SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via lgid parameter in Banner.php.
CVE-2024-4595 — CVSS 6.3 (medium): A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is the function locate of the…
CVE-2022-2726 — CVSS 6.3 (medium): A vulnerability classified as critical has been found in SEMCMS. This affects an unknown part of the file Ant_Check.php. The manipulation…
CVE-2024-13193 — CVSS 6.3 (medium): A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality…
CVE-2026-1552 — CVSS 6.3 (medium): A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The…
CVE-2024-36801 — CVSS 5.9 (medium): A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the lgid parameter in…
CVE-2025-51655 — CVSS 5.4 (medium): SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php.
CVE-2025-51656 — CVSS 5.4 (medium): SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php.
CVE-2025-51657 — CVSS 5.4 (medium): SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php.
CVE-2025-51658 — CVSS 5.4 (medium): SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php.
CVE-2025-51652 — CVSS 5.4 (medium): SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php.
CVE-2018-18840 — CVSS 5.4 (medium): XSS was discovered in SEMCMS PHP V3.4 via the SEMCMS_SeoAndTag.php?Class=edit&CF=SeoAndTag tag_indexmetatit parameter.
CVE-2025-51660 — CVSS 5.4 (medium): SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php.
CVE-2025-51659 — CVSS 5.4 (medium): SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php.
CVE-2025-51653 — CVSS 5.4 (medium): SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php.
CVE-2025-51654 — CVSS 5.4 (medium): SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php.
CVE-2024-52725 — CVSS 4.9 (medium): SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid…
CVE-2018-18743 — CVSS 4.8 (medium): An XSS issue was discovered in SEMCMS 3.4 via the second text field to the admin/SEMCMS_Categories.php?pid=1&lgid=1 URI.