Security Vulnerabilities - CVEs Published In February 2025
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php.
CVSS Score
4.4
EPSS Score
0.001
Published
2025-02-26
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php.
CVSS Score
5.1
EPSS Score
0.001
Published
2025-02-26
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php.
CVSS Score
5.1
EPSS Score
0.001
Published
2025-02-26
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php.
CVSS Score
5.1
EPSS Score
0.001
Published
2025-02-26
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php.
CVSS Score
5.1
EPSS Score
0.001
Published
2025-02-26
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.
CVSS Score
6.0
EPSS Score
0.0
Published
2025-02-26
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-02-26
An arbitrary file upload vulnerability in the component admin\plugin.php of Emlog Pro v2.5.3 allows attackers to execute arbitrary code via uploading a crafted Zip file.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-26
An arbitrary file upload vulnerability in the component \c\TemplateController.php of Jizhicms v2.5.4 allows attackers to execute arbitrary code via uploading a crafted Zip file.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-02-26
JizhiCMS v2.5.4 was discovered to contain a Server-Side Request Forgery (SSRF) via the component \c\PluginsController.php. This vulnerability allows attackers to perform an intranet scan via a crafted request.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-02-26