CVE-2023-48863 Information

Description

SEMCMS 3.9 is vulnerable to SQL Injection. Due to the lack of security checks on the input of the application the attacker uses the existing application to inject malicious SQL commands into the background database engine for execution and sends some attack codes as commands or query statements to the interpreter. These malicious data can deceive the interpreter so as to execute unplanned commands or unauthorized access to data.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

http://www.sem-cms.com/ https://gitee.com/NoBlake/cve-2023-48863/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

NONE

Base Severity

7.5