SEMCMS SQL Injection Vulnerability in SEMCMS_Info.php File

Vulnerability

A SQL injection vulnerability has been identified in SEMCMS version 5.0. The issue arises in the SEMCMS_Info.php file, where the searchml parameter is not properly validated, allowing attackers to manipulate SQL queries and potentially access sensitive database information. This vulnerability can be exploited remotely.

Impact

Exploitation of this vulnerability allows unauthorized execution of SQL commands, leading to unauthorized access to the database, leakage of sensitive data, data manipulation, and in some cases, complete control over the system.

Reproduction

The vulnerability can be reproduced by sending a POST request to SEMCMS_Info.php with the searchml parameter. The request should include a payload that exploits the SQL injection, such as a UNION SELECT statement that extracts database information.

Remediation

It is recommended to use prepared statements and parameter binding to prevent SQL injection. Input validation and filtering should be implemented to ensure user input conforms to expected formats. Additionally, minimize database user permissions and conduct regular security audits.
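
The remediation above as an added example, not SEMCMS source code: the `info` table, its `title` column and the function names are hypothetical, and an in-memory SQLite database stands in for the CMS's database so the script runs offline. It contrasts a query built by concatenating the searchml value with one that validates the value and binds it as a parameter.

```php
<?php
declare(strict_types=1);
// Added illustration, not SEMCMS code. Table, column and function names are hypothetical.
$pdo = new PDO('sqlite::memory:'); // constructed stand-in database
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE info (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO info (title) VALUES ('Company news'), ('Product list'), ('Contact')");

// Unsafe pattern: the request value becomes part of the SQL text itself.
function searchConcatenated(PDO $pdo, string $searchml): array
{
    $sql = "SELECT id, title FROM info WHERE title LIKE '%" . $searchml . "%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Input validation: non-empty, bounded length, no control characters (assumed format).
function validateSearch(string $searchml): ?string
{
    $value = trim($searchml);
    if ($value === '' || strlen($value) > 64 || preg_match('/[\x00-\x1F\x7F]/', $value)) {
        return null;
    }
    return $value;
}

// Hardened pattern: fixed SQL text, value supplied only through a bound parameter.
function searchBound(PDO $pdo, string $searchml): array
{
    $value = validateSearch($searchml);
    if ($value === null) {
        return [];
    }
    // Escape LIKE wildcards so % and _ typed by the user match literally.
    $pattern = '%' . strtr($value, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $pdo->prepare("SELECT id, title FROM info WHERE title LIKE :p ESCAPE '!'");
    $stmt->execute([':p' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input containing a quote that closes the string literal when concatenated.
$probe = "zzz' OR title LIKE '";
printf("concatenated: %d rows\n", count(searchConcatenated($pdo, $probe)));
printf("bound:        %d rows\n", count(searchBound($pdo, $probe)));
printf("bound 'news': %d rows\n", count(searchBound($pdo, 'news')));
```

With the concatenated query the constructed input changes the WHERE clause and every row comes back; with the bound query the same input is compared as a literal string and matches nothing.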

Added: Jan 29, 2026, 1:19 AM
Updated: Jan 29, 2026, 1:19 AM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 3.1
exploitability: 9.7
remediation: 0.0
relevance: 2.4
threat: 6.4
urgency: 2.9
incentive: 8.3

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.