SEMCMS is a foreign trade web content management system (CMS) that supports multiple languages. A SQL injection vulnerability exists in SEMCMS v4.8, which originates from the lack of validation of externally entered SQL statements via the languageID parameter in /web_inc.php. The vulnerability can be exploited by an attacker to execute illegal SQL commands to steal sensitive database data.