Seacms
by Seacms
CVEs (116)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-29647 | 0.00 | — | 0.00 | Apr 3, 2025 | SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php. | |||
| CVE-2025-25813 | 0.00 | — | 0.01 | Feb 26, 2025 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php. | |||
| CVE-2025-25793 | 0.00 | — | 0.01 | Feb 26, 2025 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php. | |||
| CVE-2025-25800 | 0.00 | — | 0.01 | Feb 26, 2025 | SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php. | |||
| CVE-2025-25792 | 0.00 | — | 0.01 | Feb 26, 2025 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php. | |||
| CVE-2025-25796 | 0.00 | — | 0.01 | Feb 26, 2025 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php. | |||
| CVE-2025-25802 | 0.00 | — | 0.01 | Feb 26, 2025 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php. | |||
| CVE-2025-25794 | 0.00 | — | 0.01 | Feb 26, 2025 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php. | |||
| CVE-2025-25797 | 0.00 | — | 0.01 | Feb 26, 2025 | SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php. | |||
| CVE-2025-25799 | 0.00 | — | 0.00 | Feb 26, 2025 | SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php. | |||
| CVE-2025-25516 | 0.00 | — | 0.00 | Feb 25, 2025 | Seacms <=13.3 is vulnerable to SQL Injection in admin_paylog.php. | |||
| CVE-2025-25520 | 0.00 | — | 0.00 | Feb 25, 2025 | Seacms <13.3 is vulnerable to SQL Injection in admin_pay.php. | |||
| CVE-2025-25514 | 0.00 | — | 0.00 | Feb 25, 2025 | Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php. | |||
| CVE-2025-25521 | 0.00 | — | 0.00 | Feb 25, 2025 | Seacms <=13.3 is vulnerable to SQL Injection in admin_type_news.php. | |||
| CVE-2025-25515 | 0.00 | — | 0.00 | Feb 25, 2025 | Seacms <=13.3 is vulnerable to SQL Injection in admin_collect.php that allows an authenticated attacker to exploit the database. | |||
| CVE-2025-25519 | 0.00 | — | 0.00 | Feb 25, 2025 | Seacms <=13.3 is vulnerable to SQL Injection in admin_zyk.php. | |||
| CVE-2025-25517 | 0.00 | — | 0.00 | Feb 25, 2025 | Seacms <=13.3 is vulnerable to SQL Injection in admin_reslib.php. | |||
| CVE-2025-22974 | 0.00 | — | 0.01 | Feb 24, 2025 | SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component. | |||
| CVE-2025-25513 | 0.00 | — | 0.00 | Feb 24, 2025 | Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php. | |||
| CVE-2024-54879 | 0.00 | — | 0.01 | Jan 6, 2025 | SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely. |
- CVE-2025-29647Apr 3, 2025risk 0.00cvss —epss 0.00
SeaCMS v13.3 has a SQL injection vulnerability in the component admin_tempvideo.php.
- CVE-2025-25813Feb 26, 2025risk 0.00cvss —epss 0.01
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_files.php.
- CVE-2025-25793Feb 26, 2025risk 0.00cvss —epss 0.01
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_notify.php.
- CVE-2025-25800Feb 26, 2025risk 0.00cvss —epss 0.01
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe_file.php.
- CVE-2025-25792Feb 26, 2025risk 0.00cvss —epss 0.01
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the isopen parameter at admin_weixin.php.
- CVE-2025-25796Feb 26, 2025risk 0.00cvss —epss 0.01
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_template.php.
- CVE-2025-25802Feb 26, 2025risk 0.00cvss —epss 0.01
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ip.php.
- CVE-2025-25794Feb 26, 2025risk 0.00cvss —epss 0.01
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_ping.php.
- CVE-2025-25797Feb 26, 2025risk 0.00cvss —epss 0.01
SeaCMS v13.3 was discovered to contain a remote code execution (RCE) vulnerability via the component admin_smtp.php.
- CVE-2025-25799Feb 26, 2025risk 0.00cvss —epss 0.00
SeaCMS 13.3 was discovered to contain an arbitrary file read vulnerability in the file_get_contents function at admin_safe.php.
- CVE-2025-25516Feb 25, 2025risk 0.00cvss —epss 0.00
Seacms <=13.3 is vulnerable to SQL Injection in admin_paylog.php.
- CVE-2025-25520Feb 25, 2025risk 0.00cvss —epss 0.00
Seacms <13.3 is vulnerable to SQL Injection in admin_pay.php.
- CVE-2025-25514Feb 25, 2025risk 0.00cvss —epss 0.00
Seacms <=13.3 is vulnerable to SQL Injection in admin_collect_news.php.
- CVE-2025-25521Feb 25, 2025risk 0.00cvss —epss 0.00
Seacms <=13.3 is vulnerable to SQL Injection in admin_type_news.php.
- CVE-2025-25515Feb 25, 2025risk 0.00cvss —epss 0.00
Seacms <=13.3 is vulnerable to SQL Injection in admin_collect.php that allows an authenticated attacker to exploit the database.
- CVE-2025-25519Feb 25, 2025risk 0.00cvss —epss 0.00
Seacms <=13.3 is vulnerable to SQL Injection in admin_zyk.php.
- CVE-2025-25517Feb 25, 2025risk 0.00cvss —epss 0.00
Seacms <=13.3 is vulnerable to SQL Injection in admin_reslib.php.
- CVE-2025-22974Feb 24, 2025risk 0.00cvss —epss 0.01
SQL Injection vulnerability in SeaCMS v.13.2 and before allows a remote attacker to execute arbitrary code via the DoTranExecSql parameter in the phome.php component.
- CVE-2025-25513Feb 24, 2025risk 0.00cvss —epss 0.00
Seacms <=13.3 is vulnerable to SQL Injection in admin_members.php.
- CVE-2024-54879Jan 6, 2025risk 0.00cvss —epss 0.01
SeaCMS V13.1 is vulnerable to Incorrect Access Control. A logic flaw can be exploited by an attacker to allow any user to recharge members indefinitely.
Page 3 of 6