彙總 Sem Cms 相關全部產品的 CVE 與安全漏洞情報,包括 CVSS、EPSS、公開時間與漏洞情報資料。
常見弱點模式包括 SQL 注入、跨站腳本與CSRF,在 軟體部署與生產負載 使用場景中可能帶來 資料外洩與工作階段劫持 等風險。
相關漏洞資料主要來源於公開漏洞披露與安全公告,可用於評估歷史漏洞暴露面與修補優先順序。
| CVE | 摘要 | 來源 | 最高 CVSS | EPSS % | 公開時間 | 更新時間 |
|---|---|---|---|---|---|---|
| CVE-2026-1552 | A security vulnerability has been detected in SEMCMS 5.0. This vulnerability affects unknown code of the file /SEMCMS_Info.php. The manipulation of the argument searchml leads to sql injection. The attack is possible to be carried out remotely. The exploit has been disclosed publicly and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 2.1 | 0.03% | 2026-01-29 | 2026-04-29 |
| CVE-2025-51660 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Products.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-51659 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Products.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-51658 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_InquiryView.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-51657 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the lgid parameter at SEMCMS_Link.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-51656 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the ID parameter at SEMCMS_Link.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-51655 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Quanxian.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-51654 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Infocategories.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-51653 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_ct.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-51652 | SemCms v5.0 was discovered to contain a SQL injection vulnerability via the pid parameter at SEMCMS_Categories.php. | [email protected] | 5.4 | 0.18% | 2025-07-14 | 2025-07-15 |
| CVE-2025-25686 | semcms <=5.0 is vulnerable to SQL Injection in SEMCMS_Fuction.php. | [email protected] | 9.8 | 0.23% | 2025-03-27 | 2025-04-11 |
| CVE-2024-13193 | A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is an unknown functionality of the file SEMCMS_Images.php of the component Image Library Management Page. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | [email protected] | 5.3 | 0.07% | 2025-01-08 | 2025-04-04 |
| CVE-2024-53502 | Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page. | [email protected] | 3.8 | 0.15% | 2024-12-03 | 2025-04-04 |
| CVE-2024-52725 | SemCms v4.8 was discovered to contain a SQL injection vulnerability. This allows an attacker to execute arbitrary code via the ldgid parameter in the SEMCMS_SeoAndTag.php component. | [email protected] | 4.9 | 0.17% | 2024-11-20 | 2025-04-04 |
| CVE-2024-46103 | SEMCMS 4.8 is vulnerable to SQL Injection via SEMCMS_Main.php. | [email protected] | 9.8 | 0.09% | 2024-09-20 | 2025-04-04 |
| CVE-2024-36801 | A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the lgid parameter in Download.php. | [email protected] | 5.9 | 0.62% | 2024-06-04 | 2025-04-03 |
| CVE-2024-36800 | A SQL injection vulnerability in SEMCMS v.4.8, allows a remote attacker to obtain sensitive information via the ID parameter in Download.php. | [email protected] | 7.5 | 0.10% | 2024-06-04 | 2025-04-03 |
| CVE-2024-4595 | A vulnerability has been found in SEMCMS up to 4.8 and classified as critical. Affected by this vulnerability is the function locate of the file function.php. The manipulation leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-263317 was assigned to this vulnerability. | [email protected] | 6.3 | 0.09% | 2024-05-07 | 2025-04-04 |
| CVE-2024-32409 | An issue in SEMCMS v.4.8 allows a remote attacker to execute arbitrary code via a crafted script. | [email protected] | 7.1 | 2.11% | 2024-04-19 | 2025-04-04 |
| CVE-2024-30938 | SQL Injection vulnerability in SEMCMS v.4.8 allows a remote attacker to obtain sensitive information via the ID parameter in the SEMCMS_User.php component. | [email protected] | 9.8 | 0.36% | 2024-04-19 | 2025-04-04 |