It is recommended to use a strong, unique password for the administrator account.

SEMCMS Shop V 1.1 is vulnerable to Cross-site Scripting via Settings.php.

It is recommended to limit the length of form inputs to reduce the risk of XSS attacks.

SEMCMS Shop V 1.1 is vulnerable to Remote Code Execution via admin/people.

It is recommended to limit the length of form inputs to reduce the risk of RCE.

SEMCMS Shop V 1.1 is vulnerable to Server-side Request Forgery via Shipping/Order.

It is recommended to limit the length of form inputs to reduce the risk of SSRF.

There may, of course, be other security issues not mentioned here that our team has not yet discovered. If you know of any, please contact us through our security contact form. We would be happy to discuss them with you and work towards a reasonable solution.

How can I check if my website is running SEMCMS Shop V 1.1?

To check if your website is running SEMCMS Shop V 1.1, please contact us through our security contact form with the following information:
- Your website's URL
- Your website's hosting provider (e.g. GoDaddy, Bluehost)
- The SEMCMS Shop version you are using
- What methods of payment are accepted on your site

How do I find the version of SEMCMS Shop?

If you want to identify the version of SEMCMS Shop that your client is using, open settings.php in a text editor and look for the following line:
version = "V 1.1"
You can also find this information on the website by going to the admin section and clicking on People. At the very bottom of that page you will see a list of all versions released by SEMCMS Shop.
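The settings.php check above can be scripted so that an administrator with several installs can find out which ones declare the affected version. The following is an added example, not SEMCMS code; it assumes the version line looks like the one shown above, and tolerates an optional PHP `$` sigil, either quote style and a trailing semicolon, which the page does not show.

```python
import re
from pathlib import Path
from typing import Optional, Tuple

# The version the advisory above lists as affected.
AFFECTED_VERSIONS = {"V 1.1"}

# Matches a line such as:   version = "V 1.1"
# Assumption: the real file may also write it as   $version = 'V 1.1';
# so an optional sigil, either quote style and a trailing ';' are accepted.
VERSION_RE = re.compile(
    r'^\s*\$?version\s*=\s*(["\'])(?P<version>[^"\']+)\1\s*;?\s*$',
    re.IGNORECASE | re.MULTILINE,
)


def extract_version(settings_text: str) -> Optional[str]:
    """Return the version string declared in settings.php, or None if absent."""
    m = VERSION_RE.search(settings_text)
    return m.group("version").strip() if m else None


def is_affected(settings_text: str) -> bool:
    """True if the declared version is one the advisory lists as vulnerable."""
    version = extract_version(settings_text)
    return version is not None and version in AFFECTED_VERSIONS


def check_file(path: Path) -> Tuple[Optional[str], bool]:
    """Read a settings.php from disk and report (version, affected)."""
    text = path.read_text(encoding="utf-8", errors="replace")
    return extract_version(text), is_affected(text)


# Constructed sample file content for a stand-alone run; not a real SEMCMS file.
SAMPLE_SETTINGS = """<?php
// constructed example settings.php
$db_host = "localhost";
version = "V 1.1"
"""

if __name__ == "__main__":
    print("version:", extract_version(SAMPLE_SETTINGS))
    print("affected:", is_affected(SAMPLE_SETTINGS))
```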

Timeline

Published on: 10/28/2022 15:15:00 UTC
Last modified on: 10/28/2022 18:34:00 UTC

References