汇总 Sem Cms 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。
常见弱点模式包括 SQL 注入、跨站脚本与CSRF,在 软件部署与生产负载 使用场景中可能带来 数据泄露与会话劫持 等风险。
相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。
| CVE | 摘要 | 来源 | 最高 CVSS | EPSS % | 公开时间 | 更新时间 |
|---|---|---|---|---|---|---|
| CVE-2026-1552 | A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 2.1 | 0.34% | 2026-01-28 | 2026-06-17 |
| CVE-2025-51660 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php. | [email protected] | 5.4 | 0.25% | 2025-07-14 | 2026-06-17 |
| CVE-2025-51659 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php. | [email protected] | 5.4 | 0.25% | 2025-07-14 | 2026-06-17 |
| CVE-2025-51658 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php. | [email protected] | 5.4 | 0.25% | 2025-07-14 | 2026-06-17 |
| CVE-2025-51657 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php. | [email protected] | 5.4 | 0.25% | 2025-07-14 | 2026-06-17 |
| CVE-2025-51656 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php. | [email protected] | 5.4 | 0.25% | 2025-07-14 | 2026-06-17 |
| CVE-2025-51655 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php. | [email protected] | 5.4 | 0.25% | 2025-07-14 | 2026-06-17 |
| CVE-2025-51654 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php. | [email protected] | 5.4 | 0.25% | 2025-07-14 | 2026-06-17 |
| CVE-2025-51653 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php. | [email protected] | 5.4 | 0.25% | 2025-07-14 | 2026-06-17 |
| CVE-2025-51652 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php. | [email protected] | 5.4 | 0.25% | 2025-07-14 | 2026-06-17 |
| CVE-2025-25686 | semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php. | [email protected] | 9.8 | 0.40% | 2025-03-27 | 2026-06-17 |
| CVE-2024-13193 | A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file SEMCMS_Images.php of the component Image Library Management Page. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 5.3 | 0.49% | 2025-01-08 | 2026-06-17 |
| CVE-2024-53502 | Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page. | [email protected] | 3.8 | 0.28% | 2024-12-03 | 2026-06-17 |
| CVE-2024-52725 | SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in the SEMCMS_SeoAndTag.php component. | [email protected] | 4.9 | 0.55% | 2024-11-20 | 2026-06-17 |
| CVE-2024-46103 | SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. | [email protected] | 9.8 | 0.50% | 2024-09-20 | 2026-06-17 |
| CVE-2024-36801 | A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the lgid parameter in Download.php. | [email protected] | 5.9 | 0.39% | 2024-06-04 | 2026-06-17 |
| CVE-2024-36800 | A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php. | [email protected] | 7.5 | 0.70% | 2024-06-04 | 2026-06-17 |
| CVE-2024-4595 | A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is the function locate of the file function.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263317 was assigned to this vulnerability. | [email protected] | 6.3 | 0.57% | 2024-05-07 | 2026-06-17 |
| CVE-2024-32409 | An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script. | [email protected] | 7.1 | 0.65% | 2024-04-19 | 2026-06-17 |
| CVE-2024-30938 | SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component. | [email protected] | 9.8 | 0.76% | 2024-04-18 | 2026-06-17 |