SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-02-24
Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-02-24
SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext().
CVSS Score
9.8
EPSS Score
0.01
Published
2024-12-18
An issue was discovered in SeaCMS <=12.9 which allows remote attackers to execute arbitrary code via admin_ping.php.
CVSS Score
9.8
EPSS Score
0.038
Published
2024-07-05
An issue in SeaCMS v.12.9 allows an attacker to execute arbitrary commands via the admin_safe.php component.
CVSS Score
9.8
EPSS Score
0.003
Published
2023-10-25
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ notify.php component.
CVSS Score
8.8
EPSS Score
0.004
Published
2023-10-10
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_ Weixin.php component.
CVSS Score
7.2
EPSS Score
0.002
Published
2023-10-10
An issue in SeaCMS v.12.8 allows an attacker to execute arbitrary code via the admin_template.php component.
CVSS Score
8.1
EPSS Score
0.002
Published
2023-10-10
SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-27
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-09-25