Sem Pmp
Monthly
SQL injection in Semtek SEM-PMP through build 23042026 allows remote attackers to inject arbitrary SQL and, per the vendor description, escalate to operating-system command execution through the database layer. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) rating and is reachable over the network without authentication or user interaction. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the combination of unauthenticated network reach and command-execution impact makes it a high-priority patching target.
SQL injection in Semtek SEM-PMP through build 23042026 allows remote attackers to inject arbitrary SQL and, per the vendor description, escalate to operating-system command execution through the database layer. The flaw carries a critical CVSS 9.8 (AV:N/AC:L/PR:N/UI:N) rating and is reachable over the network without authentication or user interaction. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the combination of unauthenticated network reach and command-execution impact makes it a high-priority patching target.