QSearchQSearch

CVE-2026-39170

6.3 MEDIUM

SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms_user.php

Published: 2026-06-09 · Last updated: 2026-06-09

Severity and scoring

CVSS
6.3 MEDIUM
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE
CWE-352

Description

SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms_user.php.

Source: NVD

References

Related CVEs

Same CWE

  • CVE-2025-58468 A cross-site request forgery (CSRF) vulnerability has been reported to affect Notification Center
  • CVE-2026-8940 The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9 (4.3 MEDIUM)
  • CVE-2026-8910 The WP Emoticon Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1 (6.1 MEDIUM)
  • CVE-2026-8909 The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3 (4.3 MEDIUM)
  • CVE-2026-8907 The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1 (6.1 MEDIUM)