CVE Catalog

CVE-2026-39170

MediumCVSS 6.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.02%

4th percentile - higher than 4% of all known CVEs

Summary

SemCms version 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms_user.php.

Risk Assessment

An attacker could exploit this vulnerability to perform unauthorized actions on behalf of an authenticated user, potentially compromising data security.

Recommendation

It is recommended to implement CSRF tokens and validate POST requests to secure the application against such attacks.

Original NVD description (English source)

SemCms 5.0 is vulnerable to Cross Site Request Forgery (CSRF) via crafted POST request to /admin/semcms_user.php.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS