Semcms
CVE-2024-32409
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Primary rating from Vendor (mitre) · only source for this CVE.
CVSS VectorVendor: mitre
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
Lifecycle Timeline
1DescriptionCVE.org
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script.
AnalysisAI
An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Cross-Site Scripting (XSS) (CWE-79), which allows attackers to inject malicious scripts into web pages viewed by other users. An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script. Affected products include: Sem-Cms Semcms.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Sanitize all user input, use Content-Security-Policy headers, encode output contextually (HTML, JS, URL). Use frameworks with built-in XSS protection.
semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php. Rated critical severity (CVSS 9.8), this vulnerabilit
SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. Rated critical severity (CVSS 9.8), this vulnerability is
An issue was discovered in SEMCMS v.4.8, allows remote attackers to execute arbitrary code, escalate privileges, and obt
SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code and obtain sensitive info
Semcms v4.8 was discovered to contain a SQL injection vulnerability via the AID parameter at SEMCMS_Function.php. Rated
SEMCMS 1.5 is vulnerable to SQL Injection via Ant_Rponse.php. Rated critical severity (CVSS 9.8), this vulnerability is
A CSRF issue was discovered in SEMCMS 3.4 via the admin/SEMCMS_User.php?Class=add&CF=user URI. Rated high severity (CVSS
SEMCMS v4.8 was discovered to contain a SQL injection vulnerability via the languageID parameter in /web_inc.php. Rated
A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID param
SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID paramet
SEMCMS 3.9 is vulnerable to SQL Injection. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, n
SEMCMS 4.8 is vulnerable to Incorrect Access Control. Rated high severity (CVSS 7.2), this vulnerability is remotely exp
Same weakness CWE-79 – Cross-site Scripting (XSS)
View allShare
External POC / Exploit Code
Leaving vuln.today