PT-2024-23721 · Semcms · Semcms
Jixin Zhang
+1
·
Published
2024-04-02
·
Updated
2025-04-04
·
CVE-2024-31009
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SEMCMS version 4.8
Description
The issue allows a remote attacker to obtain sensitive information via the
lgid parameter in Banner.php. This is a result of a SQL injection vulnerability.Recommendations
For SEMCMS version 4.8, consider restricting access to the Banner.php file or the
lgid parameter to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using the lgid parameter in the affected API endpoint until the issue is resolved.Exploit
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Semcms