Aggregates CVE and security vulnerability intelligence across all Sem Cms-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk sql injection, vendor risk cross-site scripting, and vendor risk csrf and related problems; some flaws may lead to vendor impact data exposure and vendor impact session compromise.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-1552 | A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 2.1 | 0.03% | 2026-01-29 | 2026-04-29 |
| CVE-2025-51660 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-51659 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-51658 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-51657 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-51656 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-51655 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-51654 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-51653 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-51652 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-25686 | semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php. | [email protected] | 9.8 | 0.23% | 2025-03-27 | 2025-04-11 |
| CVE-2024-13193 | A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file SEMCMS_Images.php of the component Image Library Management Page. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 5.3 | 0.07% | 2025-01-08 | 2025-04-04 |
| CVE-2024-53502 | Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page. | [email protected] | 3.8 | 0.15% | 2024-12-03 | 2025-04-04 |
| CVE-2024-52725 | SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in the SEMCMS_SeoAndTag.php component. | [email protected] | 4.9 | 0.17% | 2024-11-20 | 2025-04-04 |
| CVE-2024-46103 | SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. | [email protected] | 9.8 | 0.09% | 2024-09-20 | 2025-04-04 |
| CVE-2024-36801 | A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the lgid parameter in Download.php. | [email protected] | 5.9 | 0.62% | 2024-06-04 | 2025-04-03 |
| CVE-2024-36800 | A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php. | [email protected] | 7.5 | 0.10% | 2024-06-04 | 2025-04-03 |
| CVE-2024-4595 | A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is the function locate of the file function.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263317 was assigned to this vulnerability. | [email protected] | 6.3 | 0.09% | 2024-05-07 | 2025-04-04 |
| CVE-2024-32409 | An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script. | [email protected] | 7.1 | 2.11% | 2024-04-19 | 2025-04-04 |
| CVE-2024-30938 | SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component. | [email protected] | 9.8 | 0.36% | 2024-04-19 | 2025-04-04 |