CVE-2020-18081

The checkuser function of SEMCMS 3.8 was discovered to contain a vulnerability which allows attackers to obtain the password in plaintext through a SQL query.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:sem-cms:semcms:3.8:*:*:*:*:*:*:*

History

22 Dec 2021, 20:22

Type Values Removed Values Added
References (MISC) https://github.com/cve-vul/vul/blob/master/SEMCMS/backstage_access_control.md - (MISC) https://github.com/cve-vul/vul/blob/master/SEMCMS/backstage_access_control.md - Exploit, Third Party Advisory
CWE CWE-89
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
CPE cpe:2.3:a:sem-cms:semcms:3.8:*:*:*:*:*:*:*

17 Dec 2021, 18:36

Type Values Removed Values Added
New CVE

Information

Published : 2021-12-17 17:15

Updated : 2023-12-10 14:09


NVD link : CVE-2020-18081

Mitre link : CVE-2020-18081

CVE.ORG link : CVE-2020-18081


JSON object : View

Products Affected

sem-cms

  • semcms
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')