Semcms v4.8 CVE-2023-48864 SQL Injection Exploit

Semcms v4.8 CVE-2023-48864 SQL Injection Exploit

vPython by Prapattimynk

A SQL injection vulnerability exists in SEMCMS v4.8. The vulnerability stems from a lack of validation of externally entered SQL statements in the web_inc.php parameter languageID. An attacker with no

Android Android 5.0Exploits And POCs
( 735 ratings )
Price: $0
File Semcms v4.8 CVE-2023-48864 SQL Injection Exploit
Publisher Prapattimynk
Genre Exploits And POCs
Size -
File Type Python
Os All
Mod Version Python
Report Report
Semcms v4.8 CVE-2023-48864 SQL Injection Exploit is the most famous version in the Semcms v4.8 CVE-2023-48864 SQL Injection Exploit series of publisher
Download

A SQL injection vulnerability exists in SEMCMS v4.8. The vulnerability stems from a lack of validation of externally entered SQL statements in the web_inc.php parameter languageID. An attacker with no credentials can use this vulnerability to execute illegal SQL commands to obtain sensitive data from the database.

Vulnerability analysis

The vulnerability exists on line 83 of web_inc.php:

if (isset($_POST["languageID"])){
$Language=test_input(verify_str($_POST["languageID"]));
}else{
$Language=verify_str($Language);
}



Recommended for You

You may also like

Comments

Your email address will not be published. Required fields are marked *

Next Post X
Ads Blocker Image Powered by Code Help Pro

AdBlocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.