A vulnerability classified as problematic was found in SeaCMS 13.2. This vulnerability affects unknown code of the file /admin_paylog.php. The manipulation of the argument cstatus leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-05-05
Seacms <=13.3 is vulnerable to SQL Injection in admin_paylog.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-25
Seacms <=13.3 is vulnerable to SQL Injection in admin_reslib.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-25
Seacms <=13.3 is vulnerable to SQL Injection in admin_zyk.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-25
Seacms <13.3 is vulnerable to SQL Injection in admin_pay.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-25
Seacms <=13.3 is vulnerable to SQL Injection in admin_type_news.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-25
Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-02-25
Seacms <=13.3 is vulnerable to SQL Injection in admin_collect.php that allows an authenticated attacker to exploit the database.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-02-25
SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-02-24
Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-02-24
Page 1