Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-02-25
Seacms <=13.3 is vulnerable to SQL Injection in admin_collect.php that allows an authenticated attacker to exploit the database.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-02-25
SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component.
CVSS Score
9.8
EPSS Score
0.007
Published
2025-02-24
Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-02-24
SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext().
CVSS Score
9.8
EPSS Score
0.017
Published
2024-12-18
Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-08-30
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-08-22
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
CVSS Score
6.7
EPSS Score
0.001
Published
2024-08-20
A vulnerability classified as problematic was found in SeaCMS 13.0. Affected by this vulnerability is an unknown functionality of the file /member.php?action=chgpwdsubmit of the component Password Change Handler. The manipulation of the argument newpwd/newpwd2 leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-272575.
CVSS Score
4.3
EPSS Score
0.002
Published
2024-07-28
A vulnerability, which was classified as problematic, has been found in SeaCMS 12.9/13.0. Affected by this issue is some unknown functionality of the file js/player/dmplayer/admin/post.php?act=setting. The manipulation of the argument yzm leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-272576.
CVSS Score
3.5
EPSS Score
0.001
Published
2024-07-28