Seacms <13.3 is vulnerable to SQL Injection in admin_pay.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-02-25
Seacms <=13.3 is vulnerable to SQL Injection in admin_type_news.php.
CVSS Score
9.8
EPSS Score
0.004
Published
2025-02-25
Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php.
CVSS Score
6.5
EPSS Score
0.002
Published
2025-02-25
Seacms <=13.3 is vulnerable to SQL Injection in admin_collect.php that allows an authenticated attacker to exploit the database.
CVSS Score
8.8
EPSS Score
0.005
Published
2025-02-25
SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component.
CVSS Score
9.8
EPSS Score
0.017
Published
2025-02-24
Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.
CVSS Score
9.8
EPSS Score
0.002
Published
2025-02-24
SeaCMS <=13.0 is vulnerable to command execution in phome.php via the function Ebak_RepPathFiletext().
CVSS Score
9.8
EPSS Score
0.013
Published
2024-12-18
Seacms v13 is vulnerable to Cross Site Scripting (XSS) via admin-video.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-08-30
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_files.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
CVSS Score
8.8
EPSS Score
0.004
Published
2024-08-22
SeaCMS 13.0 has a remote code execution vulnerability. The reason for this vulnerability is that although admin_editplayer.php imposes restrictions on edited files, attackers can still bypass these restrictions and write code, allowing authenticated attackers to exploit the vulnerability to execute arbitrary commands and gain system privileges.
CVSS Score
6.7
EPSS Score
0.001
Published
2024-08-20