How severe is CVE-2024-28405?

CVE-2024-28405 has a CVSS v3 score of 7.2 (HIGH).

CVE-2024-28405

Name: semcms
Author: sem-cms

7.2HIGH

SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from

Publicado: 3/29/2024Actualizado: 4/4/2025

Descripción

SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges.

Análisis IAImpulsado por IA

Productos Afectados

sem-cmssemcms

4.8

Referencias

https://github.com/turabiaslan/semcms
ExploitThird Party Advisory
https://github.com/turabiaslan/semcms/blob/main/README.md
ExploitThird Party Advisory
https://github.com/turabiaslan/semcms
ExploitThird Party Advisory
https://github.com/turabiaslan/semcms/blob/main/README.md
ExploitThird Party Advisory