{
  "id": "CVE-2024-28405",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2024-03-29T15:15:11.123",
  "lastModified": "2024-04-01T01:12:59.077",
  "vulnStatus": "Awaiting Analysis",
  "descriptions": [
    {
      "lang": "en",
      "value": "SEMCMS 4.8 is vulnerable to Incorrect Access Control. The code installs SEMCMS_Funtion.php before checking if the admin is a valid user in the admin page because authentication function is called from there, users gain admin privileges."
    },
    {
      "lang": "es",
      "value": "SEMCMS 4.8 es vulnerable a un control de acceso incorrecto. El c\u00f3digo instala SEMCMS_Funtion.php antes de verificar si el administrador es un usuario v\u00e1lido en la p\u00e1gina de administraci\u00f3n porque la funci\u00f3n de autenticaci\u00f3n se llama desde all\u00ed y los usuarios obtienen privilegios de administrador."
    }
  ],
  "metrics": {},
  "references": [
    {
      "url": "https://github.com/turabiaslan/semcms",
      "source": "cve@mitre.org"
    },
    {
      "url": "https://github.com/turabiaslan/semcms/blob/main/README.md",
      "source": "cve@mitre.org"
    }
  ]
}