PT-2023-30991 · Semcms · Semcms

Noblake · Published 2023-12-04 · Updated 2025-06-03 · CVE-2023-48863

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

SEMCMS version 3.9

Description

The issue is an SQL injection caused by the lack of security checks on application input. An attacker can inject malicious SQL commands into the backend database engine for execution, sending attack code as commands or query statements to the interpreter. This malicious data can deceive the interpreter, allowing the execution of unintended commands or unauthorized access to data.

Recommendations

For SEMCMS version 3.9, as a temporary workaround, consider implementing proper input validation and sanitization to prevent malicious SQL commands from being injected into the database engine. Restrict access to sensitive data and ensure that all user input is thoroughly checked to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

SQL injection

Weakness Enumeration

Related identifiers

CVE-2023-48863

Affected products

Semcms