Semcms v4.8 CVE-2023-48864 SQL Injection Exploit

Exploits And POCs Malicious Scripts Tools

January 8, 2024 / Prapattimynk

Semcms v4.8 CVE-2023-48864 SQL Injection Exploit

A SQL injection vulnerability exists in SEMCMS v4.8. The vulnerability stems from a lack of validation of externally entered SQL statements in the web_inc.php parameter languageID. An attacker with no credentials can use this vulnerability to execute illegal SQL commands to obtain sensitive data from the database.

Vulnerability analysis

The vulnerability exists on line 83 of web_inc.php:

if (isset($_POST["languageID"])){
$Language=test_input(verify_str($_POST["languageID"]));
}else{
$Language=verify_str($Language);
}

Download

Upvote0PointsDownvote

0 People voted this article. 0 Upvotes - 0 Downvotes.

The POST SMTP Mailer CVE-2023-7027 Exploit

What do you think?

It is nice to know your opinion. Leave a comment.

September 14, 2023

FHR Electric Data Leak

July 8, 2023

Postfix SMTP Smuggling CVE-2023-51764 Exploit

December 27, 2023

WSPCoerce - PoC to coerce authentication from Windows hosts using MS-WSP

July 28, 2023

CVE-2023-20110 Exploit | Cisco Smart Software Manager On-Prem SQL Injection

July 16, 2023

Now Reading: Semcms v4.8 CVE-2023-48864 SQL Injection Exploit

Semcms v4.8 CVE-2023-48864 SQL Injection Exploit

Share

Vulnerability analysis

The POST SMTP Mailer CVE-2023-7027 Exploit

Covenant - C2 Framework For Red Teamers

What do you think?

Leave a reply Cancel reply

Craxs Rat V6.7 Working Free Download

FHR Electric Data Leak

Postfix SMTP Smuggling CVE-2023-51764 Exploit

WSPCoerce - PoC to coerce authentication from Windows hosts using MS-WSP

CVE-2023-20110 Exploit | Cisco Smart Software Manager On-Prem SQL Injection

Quick Navigation

Semcms v4.8 CVE-2023-48864 SQL Injection Exploit