CVE-2026-5801
Semtek Informatics Software Consulting Trade Ltd. · SEM-PMP
The SEM-PMP application is susceptible to an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary commands on the underlying system.
Executive summary
A critical SQL injection vulnerability in Semtek Informatics SEM-PMP allows unauthenticated attackers to achieve remote command execution.
Vulnerability
The application fails to properly neutralize special elements in SQL commands, enabling SQL injection. This flaw permits an unauthenticated attacker to bypass security controls and execute commands at the operating system level.
Business impact
The CVSS score of 9.8 reflects the extreme severity of this vulnerability, which grants full control over the affected server to an unauthenticated remote attacker. Successful exploitation could lead to total data compromise, the destruction of critical business records, and the use of the compromised system to facilitate further attacks within the internal network.
Remediation
Immediate Action: Upgrade to the latest version of SEM-PMP provided by the vendor to remediate the SQL injection flaw.
Proactive Monitoring: Review database and application logs for unusual query patterns or unexpected system execution calls originating from the application service account.
Compensating Controls: Deploy a Web Application Firewall (WAF) with strict SQL injection protection rules to inspect and block malicious traffic targeting the application.
Exploitation status
Public Exploit Available: False
Analyst recommendation
This vulnerability represents a critical risk to organizational infrastructure. Administrators must prioritize the application of the vendor-supplied update immediately, as the lack of authentication requirements makes this an attractive target for automated exploitation.