Home > Vulnerability Database > CVE-2023-48863

Mend.io Vulnerability Database

CVE-2023-48863

Date: December 3, 2023

SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application, the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution, and sends some attack codes as commands or query statements to the interpreter. These malicious data can deceive the interpreter, so as to execute unplanned commands or unauthorized access to data.

Language: PHP

Severity Score

7.5

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-48863

Url: https://gitee.com/NoBlake/cve-2023-48863/

Url: http://www.sem-cms.com/

Url: https://www.mend.io/vulnerability-database/CVE-2023-48863

Severity Score

7.5

Weakness Type (CWE)

SQL Injection

CWE-89

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-48863

Date: December 3, 2023

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?