Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Unauthenticated network-reachable SQL injection (AV:N/AC:L/PR:N/UI:N) yielding command execution gives full C/I/A impact; scope unchanged as OS access stems from DB privileges within the same authorization context.
Primary rating from Vendor (TR-CERT).
CVSS VectorVendor: TR-CERT
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionCVE.org
Improper neutralization of special elements used in an SQL command ('SQL injection') vulnerability in Semtek Informatics Software Consulting Trade Ltd. Co. SEM-PMP allows Command Line Execution through SQL Injection.
This issue affects SEM-PMP: through 23042026.
AnalysisAI
SQL injection in Semtek SEM-PMP through build 23042026 allows remote attackers to inject arbitrary SQL and, per the vendor description, escalate to operating-system command execution through the database layer. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) rating and is reachable over the network without authentication or user interaction. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | No special conditions - remote unauthenticated exploitation against network-reachable SEM-PMP instances through build 23042026, per CVSS AV:N/AC:L/PR:N/UI:N. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, 9.8) signals worst-case reachability: network attack vector, low complexity, no privileges, and no user interaction, with full compromise of confidentiality, integrity, and availability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | A remote, unauthenticated attacker discovers an internet-facing SEM-PMP instance, identifies an input field or parameter that is passed unsanitized into a SQL query, and submits a crafted payload that breaks out of the intended statement. Because the backend database is configured to allow command execution, the attacker chains the injection to invoke OS commands, gaining code execution on the underlying server and full read/write access to application data. … |
| Remediation | Upgrade SEM-PMP to a build newer than 23042026, following the fixed release referenced in the TR-CERT/USOM advisory TR-26-0527 (https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0527); the input data does not name an exact patched version string, so confirm the current fixed build directly with Semtek. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Semtek SEM-PMP deployments and identify build versions; restrict network access to SEM-PMP ports from untrusted sources. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-89 – SQL Injection
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42972
GHSA-q94r-r39w-76f6