SeaCMS v12.8 has an arbitrary code writing vulnerability in the /jxz7g2/admin_ping.php file.
CVSS Score
9.8
EPSS Score
0.002
Published
2023-09-27
A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-09-25
SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2022-11-16
In SeaCMS v6.64, there is SQL injection via the admin_makehtml.php topic parameter because of mishandling in include/mkhtml.func.php.
CVSS Score
7.2
EPSS Score
0.003
Published
2018-11-17
In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element.
CVSS Score
5.4
EPSS Score
0.002
Published
2018-11-17
SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter.
CVSS Score
7.5
EPSS Score
0.012
Published
2018-09-26
An issue was discovered in SeaCMS 6.64. XSS exists in admin_datarelate.php via the time or maxHit parameter in a dorandomset action.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-22
SeaCMS 6.64 allows SQL Injection via the upload/admin/admin_video.php order parameter.
CVSS Score
9.8
EPSS Score
0.004
Published
2018-09-21
SeaCMS 6.64 allows arbitrary directory listing via upload/admin/admin_template.php?path=../templets/../../ requests.
CVSS Score
5.3
EPSS Score
0.004
Published
2018-09-21
An issue was discovered in SeaCMS 6.64. XSS exists in admin_video.php via the action, area, type, yuyan, jqtype, v_isunion, v_recycled, v_ismoney, or v_ispsd parameter.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-16