First published: Mon Dec 04 2023
SEMCMS 3.9 is vulnerable to SQL Injection. Because the application does not perform security checks on its input, an attacker can use the existing application to inject malicious SQL commands into the back-end database engine for execution, sending attack code to the interpreter as commands or query statements. This malicious data can deceive the interpreter into executing unplanned commands or allowing unauthorized access to data.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| sem-cms | =3.9 | |
CVE-2023-48863 is a vulnerability in SEMCMS 3.9 that allows an attacker to perform SQL Injection attacks.
The severity of CVE-2023-48863 is high with a CVSS score of 7.5.
CVE-2023-48863 allows an attacker to inject malicious SQL commands into the application's database engine to execute unauthorized actions.
To fix CVE-2023-48863, it is recommended to update SEMCMS to a version that includes security checks on input to prevent SQL Injection attacks.
More information about CVE-2023-48863 can be found on the official SEMCMS website and the related Gitee page.