Impact
SEMCMS version 5.0 has a flaw in the file SEMCMS_copy.php that allows a user to access the script without proper authorization. The vulnerability results in an authentication bypass: any user who can reach the PHP file can view or use its functionality regardless of the intended security controls. The impact is a loss of confidentiality and restricted functions potentially becoming available to unauthorized users, since the script may expose sensitive data or enable further exploitation if an attacker can invoke it.
Affected Systems
The affected product is SEMCMS 5.0. No other vendors or versions are listed in the advisory, and no detailed version range is available. Systems running SEMCMS 5.0 should be verified for the presence of the file SEMCMS_copy.php and the lack of authentication checks.
Risk and Exploitability
No EPSS score is provided, and the vulnerability is not listed in CISA KEV, so the current exploitation probability is unknown. However, the nature of the flaw—unauthorized access to a PHP script—indicates that an attacker could potentially reach the file over the web if the server serves it, making exploitation relatively straightforward if the file contains sensitive logic. The severity of the flaw depends on what functionality the script provides, but the lack of access controls creates an opportunity for privilege escalation or data exposure. The vulnerability is likely exploitable via a direct HTTP request to the file path.
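Because exploitation is described as a direct HTTP request to the file path, web server access logs are the natural place to check for exposure. The following is an added example, not part of the advisory or of SEMCMS: a log audit that finds requests for SEMCMS_copy.php in common/combined-format access logs. The log lines, client addresses, and the `/site/` directory are constructed sample data.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

TARGET = "semcms_copy.php"  # script named in the advisory, compared case-insensitively

# Common/combined log format: host ident user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample input (documentation IP ranges, assumed paths), not real traffic.
SAMPLE_LOG = """
192.0.2.10 - - [10/Mar/2024:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2024:10:02:13 +0000] "GET /site/SEMCMS_copy.php HTTP/1.1" 200 812 "-" "curl/8.0"
198.51.100.7 - - [10/Mar/2024:10:02:15 +0000] "POST /site/semcms_copy.php?x=1 HTTP/1.1" 200 64 "-" "curl/8.0"
203.0.113.5 - - [10/Mar/2024:11:40:00 +0000] "GET /site/SEMCMS%5Fcopy.php HTTP/1.1" 403 199 "-" "Mozilla/5.0"
192.0.2.10 - - [10/Mar/2024:12:00:00 +0000] "GET /SEMCMS_copy.php.bak HTTP/1.1" 404 150 "-" "Mozilla/5.0"
"""

def hits_target(target):
    """True if any path segment is the script, after dropping the query and decoding %XX."""
    path = unquote(urlsplit(target).path)
    return any(seg.lower() == TARGET for seg in path.split("/"))

def audit(lines):
    """Group requests for the script by client as (time, method, status) tuples."""
    findings = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m and hits_target(m["target"]):
            findings[m["host"]].append((m["time"], m["method"], int(m["status"])))
    return dict(findings)

def served(findings):
    """Clients that received a 2xx response; compare these against known admin sessions."""
    return sorted(
        host for host, reqs in findings.items() if any(200 <= s < 300 for _, _, s in reqs)
    )

if __name__ == "__main__":
    found = audit(SAMPLE_LOG.splitlines())
    for host, reqs in found.items():
        print(host, reqs)
    print("2xx responses served to:", served(found))
```

A 2xx entry only shows that the server answered the request; whether the client was an authorized administrator has to be confirmed against session or login records.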
OpenCVE Enrichment