Skip to main content

SEM-PMP CVE-2026-5801

| EUVDEUVD-2026-42972 CRITICAL
SQL Injection (CWE-89)
2026-07-10 TR-CERT GHSA-q94r-r39w-76f6
9.8
CVSS 3.1 · Vendor: TR-CERT
Share

Severity by source

Vendor (TR-CERT) PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
vuln.today AI
9.8 CRITICAL

Unauthenticated network-reachable SQL injection (AV:N/AC:L/PR:N/UI:N) yielding command execution gives full C/I/A impact; scope unchanged as OS access stems from DB privileges within the same authorization context.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (TR-CERT).

CVSS VectorVendor: TR-CERT

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
Analysis Generated
Jul 10, 2026 - 18:52 vuln.today

DescriptionCVE.org

Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection.

This issue affects SEM-PMP: through 23042026.

AnalysisAI

SQL injection in Semtek SEM-PMP through build 23042026 allows remote attackers to inject arbitrary SQL and, per the vendor description, escalate to operating-system command execution through the database layer. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) rating and is reachable over the network without authentication or user interaction. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Locate exposed SEM-PMP endpoint
Delivery
Identify unsanitized SQL parameter
Exploit
Inject crafted SQL payload
Execution
Invoke database command-execution procedure
Persist
Run OS commands on server
Impact
Exfiltrate data and establish control

Vulnerability AssessmentAI

Exploitation No special conditions - remote unauthenticated exploitation against network-reachable SEM-PMP instances through build 23042026, per CVSS AV:N/AC:L/PR:N/UI:N. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, 9.8) signals worst-case reachability: network attack vector, low complexity, no privileges, and no user interaction, with full compromise of confidentiality, integrity, and availability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario A remote, unauthenticated attacker discovers an internet-facing SEM-PMP instance, identifies an input field or parameter that is passed unsanitized into a SQL query, and submits a crafted payload that breaks out of the intended statement. Because the backend database is configured to allow command execution, the attacker chains the injection to invoke OS commands, gaining code execution on the underlying server and full read/write access to application data. …
Remediation Upgrade SEM-PMP to a build newer than 23042026, following the fixed release referenced in the TR-CERT/USOM advisory TR-26-0527 (https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0527); the input data does not name an exact patched version string, so confirm the current fixed build directly with Semtek. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all Semtek SEM-PMP deployments and identify build versions; restrict network access to SEM-PMP ports from untrusted sources. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-5801 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy