CVE-2019-11518

Name of the Vulnerable Software and Affected Versions SEMCMS version 3.8

Description An issue was discovered in SEMCMS, where the SEMCMS Inquiry.php file allows SQL Injection through the AID[] parameter because the inject check sql protection mechanism in the class.phpmailer.php file is incomplete.

Recommendations For SEMCMS version 3.8, consider disabling the SEMCMS Inquiry.php file or restricting access to it until a patch is available to prevent SQL Injection attacks. Avoid using the AID[] parameter in the affected file until the issue is resolved.