CVE-2024-28405

Name of the Vulnerable Software and Affected Versions SEMCMS version 4.8

Description The issue arises from incorrect access control in the code, specifically where SEMCMS Funtion.php is installed before verifying the admin's validity on the admin page. This occurs because the authentication function is called from the admin page, allowing users to gain admin privileges.

Recommendations For SEMCMS version 4.8, consider temporarily restricting access to the admin page until a proper fix is implemented to ensure correct authentication and access control. Additionally, review the authentication function to ensure it is properly validating user credentials before granting access to sensitive areas of the application. At the moment, there is no information about a newer version that contains a fix for this vulnerability.