A Cross-Site Request Forgery (CSRF) in admin_manager.php of Seacms up to v12.8 allows attackers to arbitrarily add an admin account.
CVSS Score
8.8
EPSS Score
0.002
Published
2023-09-25
SeaCms before v12.6 was discovered to contain a SQL injection vulnerability via the component /js/player/dmplayer/dmku/index.php.
CVSS Score
9.8
EPSS Score
0.001
Published
2022-11-16
SeaCMS 7.2 mishandles member.php?mod=repsw4 requests.
CVSS Score
8.8
EPSS Score
0.004
Published
2019-02-17
SeaCMS 6.64 and 7.2 allows remote attackers to delete arbitrary files via the filedir parameter.
CVSS Score
7.5
EPSS Score
0.016
Published
2018-09-26
Page 3