A vulnerability was found in SeaCMS up to 13.3. The impacted element is an unknown function of the file admin_video.php. Performing a manipulation of the argument e_id results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-12-22
A vulnerability has been found in SeaCMS up to 13.3. The affected element is an unknown function of the file js/player/dmplayer/dmku/class/mysqli.class.php. Such manipulation of the argument page/limit leads to sql injection. The attack can be executed remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.9
EPSS Score
0.0
Published
2025-12-21
A vulnerability has been found in SeaCMS up to 13.3. The impacted element is an unknown function of the file /admin_members.php?ac=editsave. Such manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This affects another injection point than CVE-2025-25513.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-09-18
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-05-06
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_manager.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-05-05
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_topic.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-05-05
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component phomebak.php. This vulnerability allows attackers to execute arbitrary code via a crafted request.
CVSS Score
9.8
EPSS Score
0.039
Published
2025-05-05
A vulnerability classified as critical was found in SeaCMS up to 13.3. This vulnerability affects unknown code of the file /admin_topic.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.1
EPSS Score
0.002
Published
2025-04-19
A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.1
EPSS Score
0.002
Published
2025-04-18
SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php.
CVSS Score
9.8
EPSS Score
0.003
Published
2025-04-03
Page 1