Shodan
Vulnerabilities
Vulnerable Software
Seacms:  >> Seacms  >> 12.9  Security Vulnerabilities
CVE-2025-25515
Seacms <=13.3 is vulnerable to SQL Injection in admin_collect.php that allows an authenticated attacker to exploit the database.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-02-25
CVE-2025-22974
SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-02-24
CVE-2025-25513
Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-02-24
CVE-2024-55461
SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext().
CVSS Score
9.8
EPSS Score
0.01
Published
2024-12-18
CVE-2024-44920
A cross-site scripting (XSS) vulnerability in the component admin_collect_news.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the siteurl parameter.
CVSS Score
6.1
EPSS Score
0.0
Published
2024-09-03
CVE-2024-44921
SeaCMS v12.9 was discovered to contain a SQL injection vulnerability via the id parameter at /dmplayer/dmku/index.php?ac=del.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-09-03
CVE-2024-44918
A cross-site scripting (XSS) vulnerability in the component admin_datarelate.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score
3.5
EPSS Score
0.001
Published
2024-08-30
CVE-2024-44919
A cross-site scripting (XSS) vulnerability in the component admin_ads.php of SeaCMS v12.9 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ad description parameter.
CVSS Score
5.4
EPSS Score
0.0
Published
2024-08-29
CVE-2024-41444
SeaCMS v12.9 has a SQL injection vulnerability in the key parameter of /js/player/dmplayer/dmku/index.php?ac=so.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-08-26
CVE-2024-7163
A vulnerability, which was classified as problematic, was found in SeaCMS 12.9. This affects an unknown part of the file /js/player/dmplayer/player/index.php. The manipulation of the argument color/vid/url leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-272577 was assigned to this vulnerability.
CVSS Score
3.5
EPSS Score
0.001
Published
2024-07-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved